Wireless Security

I

infinite-loop

Leave the whales in peace
I have a wireless broadband set-up at home & I have a sneaky feeling that one of my neighbours is accessing it from their own home..!

Is there a utility available that will let me check out who is accessing my wireless set-up and if necessary block them..?

I will get round to securing the network soon.

Any help/advice greatly appreciated.

Regards..
 
Most wireless routers have the option to set up access control lists.
If your base isn't an airport, connect to it (http://router's ip address usually does it) and log in it. There should be some setting somewhere for adding the devices to the list. Add your MAC address when you find where to add it (get it from Network Utility or System Preferences or with ifconfig -a) or them rather (I'd add not only airport but also ethernet MAC address to it).
Update the router to apply those changes and he'll be gone.

The monitoring of the network access is also router by router .. ideally they would all have option to control the traffic.

You could of course always use KisMac and see who is using your own network ;)
 
MAC filtering can be fooled easily - but it's unlikely that anyone will try to get around it unless your neighbor is bent of hacking your network. Still, WPA is much more secure, and it can be setup with a simple password that computers use to connect to the network (unlike WEP, which requires a long string of random code). This is useful if a friend needs to use your network - rather than figuring out what their wireless MAC address is, you can just enter the password for your network.
 
Definitely enable any security that you can on that wireless router. WPA2 is your best option, but if you have WPA that would be good as well. WEP is completely broken and can be cracked in little time (especially with a tool like Aircrack) so if you have WEP-only devices you'd probably be better off replacing them is possible. Yes, it's most likely that even if you have WEP enabled it might not be worth to trouble for some since it would be easier to just find an unsecured wireless network, but those who are intent on getting into your network for whatever reason would easily be able to bypass WEP with the right tools.

Some other things you might want to do:
  1. Disable SSID broadcasting.
  2. Enable MAC filtering
  3. Disable Universal Plug and Play (major security risk)
  4. Restrict wireless computers from accessing the router's config page (only allow for computers on your wired Ethernet connections to access it).
  5. Only allow configuration page to show up using Secure HTTP (https).
  6. Use strong non-dictionary passwords for your router config and for your WPA/WPA2 encryption (if using a password and not a certificate).
  7. Enable software firewalls on the computers in your private network (if you're that paranoid).

One thing to remember, some of these by their own are useless but combined with other methods mentioned will allow for greater security through "defense and depth". The more layers an intruder has to go through, the less they will try to get in since it's just not worth the trouble. Even if you have no choice but to use WEP, adding these extra layers of security will still make it more difficult for intruders to make their way in.
 
Many thanks for all info & advice guys. My problem is that I'm a bit of a dimwit when it comes to networking etc..!

My Mac has a Belkin F5D6050 Wireless USB adapter, the Wireless Access Point is a Belkin F5D7130 connected to a F5D5230-4 Router which in turn is connected to my BroadBand modem.

How do I go about implementing the security features mentioned..? Do I have to do it with a direct ethernet cable connection or can it be done wirelessly..?

Also what steps can be taken from my Mac without touching the WAP..?

Thanks again for all your help..
 
You can configure your router's settings at 192.168.2.1 (username: admin, password: <blank> - change this when you can). The online manual for your router doesn't have any info about settings up security, but you should see everything we're talking about under the security tab.
 
I have an Airport Express (first generation) network. Can someone tell me where to go in the Airport Administrator Utility to disable SSID broadcasting and enable Mac addressing? Or is this not needed? Thanks!

[*]Disable SSID broadcasting.
[*]Enable MAC filtering
[*]Disable Universal Plug and Play (major security risk)
[*]Restrict wireless computers from accessing the router's config page (only allow for computers on your wired Ethernet connections to access it).
[*]Only allow configuration page to show up using Secure HTTP (https).
[*]Use strong non-dictionary passwords for your router config and for your WPA/WPA2 encryption (if using a password and not a certificate).
[*]Enable software firewalls on the computers in your private network (if you're that paranoid).
[/LIST]

One thing to remember, some of these by their own are useless but combined with other methods mentioned will allow for greater security through "defense and depth". The more layers an intruder has to go through, the less they will try to get in since it's just not worth the trouble. Even if you have no choice but to use WEP, adding these extra layers of security will still make it more difficult for intruders to make their way in.[/QUOTE]
 
infinite-loop said:
I have a wireless broadband set-up at home & I have a sneaky feeling that one of my neighbours is accessing it from their own home..!

Is there a utility available that will let me check out who is accessing my wireless set-up and if necessary block them..?

I will get round to securing the network soon.

Any help/advice greatly appreciated.

Regards..
Click to expand...


Most routers let you find out who is connected to the router. This might give you an idea if anyone is actual using you as free internet provider. Otherwise MAC address and/or ENCRYPTION enabling should be adequate for preventing using your WiFI connection.


Good luck, Kees
 
infinite-loop said:
Also what steps can be taken from my Mac without touching the WAP..?

Thanks again for all your help..
Click to expand...


Your computers can do nothing to prevent external entry unless they are the gateway except configuring the WAP. You can no even be sure that they are on while unauthorised entry occurs.

You can take some steps to prevent access to your MAC by someone who uses your WAP to access your network.


Good luck, Kees
 
You must log in or register to reply here.
Back
Top