Lincoln 6 Echo said:
So I'll be setting up my first wireless internet router with OS X 10.3.9 and a D-Link 802.11g router this weekend, and I was wonder what I should know about securing it.
I haven't started but I was wondering how do I make it so that others can't use my wireless signal? I've noticed when I try to access some wireless connections i'm prompted for a password; is that password access setup part of OS X? Or do I need special software?
There's a mix of advice you're getting here. But as somebody who has configured and cracked many wireless networks, you can trust that I know what I'm talking about.
For encryption, you have three choices: unsecured (no encryption), WEP, and WPA.
WPA is much stronger than WEP -- IF AND ONLY IF you use a strong key. What this means is don't use "puppydog" as your password, because that can be easily cracked. Use a random combination of letters and numbers and your WPA network will be very safe.
Not all devices are compatible with WPA, however, and if you have one of those then you're forced to downgrade the entire wireless network to WEP. WEP is better than nothing, but in my experience it can be cracked in less than 30 minutes average. (Federal agents have demonstrated cracking it in 3 minutes, however.) If you live in an apartment, this is a major problem, because somebody can crack your network from the comfort of their own apartment, and you have no way to track them down. (I've done this before, BTW.) If you live in a house, then somebody who's trying to crack is at least going to have to get close to your router, and you might notice somebody parked on the street in front of your house, hunched over a laptop.
Unsecured is always a bad idea. Anybody can log on if they are close enough to the router, and if they do anything illegal on your connection it gets traced back to you. Also, any services you have enabled on your network (file sharing, etc.) become exposed to anybody who can pick up your wireless signal. Given all of the bugs in various network services, and the tendency for home users not to install all latest patches, you are potentially allowing somebody to view/corrupt your data.
Other security features:
SSID Broadcast -- leave this turned on. People tell you its safer to turn it off, but that's not very true. Your network is still easily detectable, and believe me any crackers looking for wireless networks to break into are not listening to SSID broadcasts, they're listening to network traffic (which always has SSID embedded in it.) The benefit to leaving it on is that if somebody comes over and wants to use your network (and you permit them), they'll see it on their computer.
MAC filtering -- not really worth using. It won't even slow down a cracker who knows what they're doing, and like I just said above, if somebody wants to come over and you permit them to use your wifi, its just another configuration step that YOU have to go through to get them on.
Bottom line: Use WPA (PSK) and use a strong password.
