# Help Securing a  wireless network



## rubingr (May 3, 2005)

I have an Airport Extreme wireless network in my house, and have been having a problem (I believe) with my neighbors connecting to my network. Is there a way to 1) see who is connected to the wireless network, and 2) secure the network so it takes a password or something to log onto it?

I know these are kind of simple questions, but I am not much of a computer guy, which is why I bought an Apple in the first place (which I love).


----------



## Lycander (May 3, 2005)

I no longer use Airport, but last I remember, you can specify the MAC address of your wireless cards in your base station config and it will ONLY allow those devices to connect.

It's kind of tedious to look up the MAC address and enter the long string of letters and numbers, and the more personal machines you have the longer it'll be. But once you set that up you're good for a while. And it's probably the best you can do to keep other people out.


----------



## rbuenger (May 3, 2005)

Most important is to encrypt the traffic (minimum WEP 128 Bit), enter fixed MAC addresses for allowed units and disable/hide the SSID. 

There is a lot more that can be done but that's just to complicated and in 99.9% just not necessary for a private person. Depends on your data and if there are other people interested in having these data. But for a normal user the mentioned  three things should be enough.

Just to make it clear: It's not very complicated to 'break' fixed MAC or WEP if you have some time. But why should someone invest several days if there is an open net a few blocks away 

But maybe you would like to wait a few days until starting to secure the net. Maybe you want to monitor your own networ traffic for 'unusual' data. If this is your own network and no other persons (legally) connected there (or they agree to be monitored) you can use a sniffer to watch the traffic. So if another person use your network you can see it.
But I'm not giving a step by step solution here as this could easily be used for non legal monitoring etc. But maybe a search engine will help there or you can contact me directly.


----------



## rubingr (May 3, 2005)

Guys I appreciate the info, but I really need to know how to secure it, not just what to do. I am an attorney, and need to be pretty sure that the network is off limits to other people to keep my clients data secure. I have a pretty good firewall, firevault turned on, and all the individual files are password protected and encripted on top of that, but I really would prefer to choak off that access point to my computer if possible.


----------



## Lycander (May 3, 2005)

rubingr said:
			
		

> but I really need to know how to secure it, not just what to do.


Er... no offense but that statement is redundant.

If you're that concerned about protecting your data, don't even give that machine any network connectivity. Doesn't matter if it's wired or wireless. That's the only secure way. At work we use laptops for private data and they get locked up in a closet or desk drawer.

You should still do the things already suggested to keep people off your network. Suppose someone gets on your network, uses your Internet connection to download stuff off of P2P networks, guess who's door the Feds will come knocking on?


----------



## rubingr (May 4, 2005)

Ok, let me try to be a bit clearer... I know that I need to encrypt the network, but I don't know how to encript the data. Meaning that I don't know the stept to take to ensure that the data is encrypted. 
  Keeping the laptop off the network isn't practical, nor necessary. While the data does need to be secure, the only requirement is that resonable methods are taken to ensure the data is secure, not to make it impossible to access by a dedicated hacker. I am just trying to figure out how to prevent someone from just grabbing the file out of the air and opening it.


----------



## The Ghost (May 5, 2005)

Do just one thing. Enable WPA encryption. In doing so, use any easy to remember 8 character alphnumeric password. Enable WPA using your AirPort Extreme's interface.


----------



## elander (May 6, 2005)

Start your "Airport Administrator" application (should be in your "Utilities" folder inside the "Applications" folder).

When you see the name of your Airport Base Station in the list to the left, double click on it. You'll be asked for the administrator password for the base station, fill it in and click ok.

A new window opens, and in it you click on the "Airport" tab, if it isn't active already.

In the lower part of the window is a section called "Network". There you have an option to change security settings. Click that button and choose "128 bit WEP", or, if you have the choice to use "WPA" do so (I only have a first generation Airport so I'm not up to date on all the features of Express). This forces everyone to use a password to connect, and also encrypts all traffic on the network.

Also, make sure you have a check mark in "Private network", that way your base station won't tell anyone the name of your network, and it'll be a little more difficult to find it.

Once you've done this, click "Update", and your Airport Base Station will restart with the new settings. You'll probably have to reconnect manually to your network, and specify its explicitly since it's no longer visible.

This is pretty much all you can do, apart from further encryption through SSL/SSH, using PGP for mail etc.


----------



## Viro (May 6, 2005)

The Ghost said:
			
		

> Do just one thing. Enable WPA encryption. In doing so, use any easy to remember 8 character alphnumeric password. Enable WPA using your AirPort Extreme's interface.



I agree with using WPA since it is far more secure than WEP ever could be, but I disagree with using merely a 8 character alphanumeric password. WPA supports up to 64 characters in a password including phrases. Thus, if you felt inclined you could come up with your own pass_phrases_ which are much longer than standard passwords (what? you actually know some 64 character words?) and just as easy to remember.

If you are really concerned with security, you wouldn't be using a wireless network anyway. Since all the network packets are broadcast into the atmosphere, anyone with a wireless card will be able to log all your packets and then head home to decrypt them at their leisure. Wired connections don't suffer as severely from such problems, since physical access to a network point is required.


----------



## The Ghost (May 6, 2005)

Viro said:
			
		

> I agree with using WPA since it is far more secure than WEP ever could be, but I disagree with using merely a 8 character alphanumeric password. WPA supports up to 64 characters in a password including phrases.



I agree, of course. He appeared to be trying to keep things as simple as possible.


----------

