Results 1 to 15 of 15

Thread: Wireless security - Airport

  1. #1
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    Default Wireless security - Airport

    About to set up and use Airport Wireless for the first time. I want the best security I can get with what I have. What do I need to know?

    The setup. Mac Mini will be sharing a hard-wired broadband over the mini's built in Airport card. The Nintendo Wii will be the only regular device using the wireless.

    I don't want people stealing my bandwidths...
    Damien,

  2. #2
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787

    Default

    B, G, or both?

    Good password protection will keep the neighbors and snoops out...97% ( I made that number up...) of broadband "thiefs" simply use wide open networks.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  3. #3
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    Default

    B or G? Whatever flavor comes in the Intel Mac Mini
    Damien,

  4. #4
    Join Date
    Jun 2003
    Location
    UK
    Posts
    1,317

    Default

    It'll be 802.11g.

    In Airport Admin Utility:

    Set strong passwords, uncheck all options in "Base Station Options".

    Set Wireless Security as WPA2 only.

    Create a closed network.

    Apply Access Control.

    That should deter all but the most determined.
    "illegitimis non carborundum"

  5. #5
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    Default

    Quote Originally Posted by biggles
    It'll be 802.11g.

    In Airport Admin Utility:

    Set strong passwords, uncheck all options in "Base Station Options".

    Set Wireless Security as WPA2 only.

    Create a closed network.

    Apply Access Control.

    That should deter all but the most determined.
    In Airport Admin I have no options to set anything anywhere. No Airports are listed.
    Damien,

  6. #6
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787

    Default

    What Bigs said.

    The longer version.....

    Well, all current Macs support both B and G, so depending on other devices on your network, you can run both (in case you have an older B olny device), or turn off either one. G is much faster, but less range/signal strenth, so sometimes if one has a device at the edge (or beyond) or G range, you can shut off G and get the device on with B.

    What does all of that have to do with security?

    Well, the security standards between the two are a bit different. If you have B only, then you will have to use WEP for password protection, whereas if you go with G (or later protocols) you can use the much more secure WPA. Nobody but very serious types can crack WPA, so very safe by home use standards.

    The latest iMacs and laptops all have N compatible cards......no word on updates to the Minis yet. If you already bought a Mini, don't worry about N.

    Even the lowly WEP will keep out 100% folks that are just looking for open and unprotected, who are not sniffing packets for MAC addresses and other sneeky things.

    ---

    As for access, does the Admin tool see the ABSE at all?
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  7. #7
    Join Date
    Jun 2003
    Location
    UK
    Posts
    1,317

    Default

    Quote Originally Posted by Damien
    ...The setup. Mac Mini will be sharing a hard-wired broadband over the mini's built in Airport card. The Nintendo Wii will be the only regular device using the wireless.

    I don't want people stealing my bandwidths...
    I replied in haste as I was leaving for work and made the assumption that you would be using a Base Station. I see that might be wrong.

    Are you rather thinking about using the Mini's Airport card to Create Network, and then using System Pref's>Sharing>Internet>Internet Sharing to share your Mini's wired connection to the internet?
    "illegitimis non carborundum"

  8. #8
    Join Date
    Jul 2003
    Posts
    1,818

    Default

    If you have B only, then you will have to use WEP for password protection, whereas if you go with G (or later protocols) you can use the much more secure WPA.
    I take it you're referring to the base station, and not the particular computers (or the computers wireless cards).

    My DA has the original Airport card - B only -- but it connects via WPA to my Linksys router. Linksys is actually set to B/G and WPA/WPA2. MBP connects via G + WPA2, while DA goes lowly B + WPA. Airport Express definitely connects via G, pretty sure by WPA2, if not WPA

  9. #9
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787

    Default Doh!

    ..yeah, I think your are right. A limitation of earlier ABS I as I recall.....which is a moot point since I can't read and there is no BS in the first place!
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  10. #10
    Join Date
    Jun 2003
    Location
    UK
    Posts
    1,317

    Default

    If that's what you're trying to do Damien, the security (I think) would be limited to applying a WEP-encrypted password, and you might have to pay some attention to the OS X firewall on the Mini, if you have it deployed. I seem to remember having to deal with it when I was trying something similar with sharing the internet connection on my G5 with a G4.
    "illegitimis non carborundum"

  11. #11
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    Default

    Yes I have NO base station.

    I have the WEP password set for 128 bit and the Mini is sharing the wired internet connection thru it's own Airport card.

    I only had one issue setting this up. The Wii would see the mini but not get the internet thru it. After reading several pages on the internet about connection issues I found the info I needed. It seems that the Mini was not using DHCP and would not assign an IP address. I got (from the net again) the default IP/Router info for the mini input them manually into the Wii and all worked fine.

    I run no software firewalls as my internet connection is behind a hardware firewall.

    Should I be using the software firewall now? Because I have internet sharing on? Or will the WEP 128 bit password do the job? I think that should be enough..
    Damien,

  12. #12
    Join Date
    Jun 2003
    Location
    UK
    Posts
    1,317

    Default

    Quote Originally Posted by Damien
    ...Should I be using the software firewall now? Because I have internet sharing on? Or will the WEP 128 bit password do the job? I think that should be enough..
    I think you'll be fine as you are. When I was futzing about with this I didn't have a hardware firewall, but now I do, and I use both anyway. I suspect that the available range of the the Mini's network is relatively small, and if it's only enabled when you want to use the Nintendo, and you have an encrypted password, I'd be pretty relaxed about anybody stealing my bandwidth. Depends a bit on what kind of 'hood you live. I'm out in the sticks. A neighbour's script-kiddie of a teenage offspring would be my only risk with my permanently-on Airport network. Sounds like you're OK.
    "illegitimis non carborundum"

  13. #13
    Join Date
    Mar 2001
    Location
    Virginia... where one Democrat CAN make a difference
    Posts
    2,929

    Default

    Well from the neighbors I have you would think I lived in a retirement community. So I feel I've done as much as I'm gonna do until I see a problem.
    Damien,

  14. #14
    Join Date
    Jun 2003
    Location
    UK
    Posts
    1,317

    Default

    My feeling exactly.
    "illegitimis non carborundum"

  15. #15
    Join Date
    Aug 2005
    Posts
    200

    Default

    Couple of quick questions on the wireless security issues.

    What are the risks of just not broadcasting your SID and only allowing only specfic MAC addresses as your security plan. (admin name and password changed of course)

    Compared to the above, how does the encryption options improve the situation and what speed or performance penalities do they present?
    Thanks Bob

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •