Can compromised computer affect others through Airport WiFi?

[mac_in_tosh]

I want to use a program that in the past has had some security issues. (I'd rather not say what it is because I don't want the discussion to turn into a debate about the program.) As such, I don't want to put it on my Mac that I use for bank accounts, etc. I was thinking to get an iPad or maybe even a Chromebook or cheap PC laptop and more or less dedicate it to use with the program and other non-secure things. I would have to give this other device my Airport WiFi password, however, which leads me to ask whether the new computer could, through access to the WiFi, affect my Mac should it pick up some malware or virus?

Related to this, can you set up more than one WiFi network using the Airport Base Station so that they are isolated from each other?

Thanks.

 

[MacUser2525]

I want to use a program that in the past has had some security issues. (I'd rather not say what it is because I don't want the discussion to turn into a debate about the program.) As such, I don't want to put it on my Mac that I use for bank accounts, etc. I was thinking to get an iPad or maybe even a Chromebook or cheap PC laptop and more or less dedicate it to use with the program and other non-secure things. I would have to give this other device my Airport WiFi password, however, which leads me to ask whether the new computer could, through access to the WiFi, affect my Mac should it pick up some malware or virus?

Related to this, can you set up more than one WiFi network using the Airport Base Station so that they are isolated from each other?

Thanks.

You will want to read very carefully the links in this search.

🔎 use dmz to create separate network - Google Search

www.google.com

 

[mac_in_tosh]

You will want to read very carefully the links in this search.

🔎 use dmz to create separate network - Google Search

www.google.com

A lot of that is over my head, but I take it that the answer to the question in the title of this thread is Yes.

As is the answer to the question at the end of my post, but it doesn't appear as easy as I hoped.

 

[MacUser2525]

A lot of that is over my head, but I take it that the answer to the question in the title of this thread is Yes.

As is the answer to the question at the end of my post, but it doesn't appear as easy as I hoped.

Yes the answer is yes a DMZ is what you describe you want. If the settings are in the router for one then it is extremely easy to do.

 

[mac_in_tosh]

Yes the answer is yes a DMZ is what you describe you want. If the settings are in the router for one then it is extremely easy to do.

Looking into this further, you are right - the Airport Utility program has a simple checkbox option for the Airport Extreme basestation to set up a "guest network" with or without a password (I would use one). That appears to be what I would want. From Apple's Airport Utility User Guide:

Set up a guest network in AirPort Utility on Mac
You can set up a guest network that segregates a portion of your internet traffic away from the main network.

 

[MacUser2525]

Looking into this further, you are right - the Airport Utility program has a simple checkbox option for the Airport Extreme basestation to set up a "guest network" with or without a password (I would use one). That appears to be what I would want. From Apple's Airport Utility User Guide:

Set up a guest network in AirPort Utility on Mac
You can set up a guest network that segregates a portion of your internet traffic away from the main network.

This would be what you want to do, good to see the setting is there for you.

 

[mac_in_tosh]

So not so simple. I decided to test the guest network today. I enabled it and it showed up in the list of available networks but my MacBook Pro wouldn't connect to it - the WiFi icon at the top of the screen indicated it was looking for the network but never turned solid. I came across this discussion on Apple's forum Guest Network on Airport Extreme which contained the answer shown below. My Airport is connected to a Verizon Fios box that has multiple ethernet ports so I guess I am out of luck?

If that's the case, an alternative would be for me to enable the Fios wireless, which I usually have turned off, and connect the iPad/Chromebook or whatever I get to that network. Am I correct in assuming that would be independent of my usual Airport wireless network, as I was hoping the guest network would be?

 

[MacUser2525]

So not so simple. I decided to test the guest network today. I enabled it and it showed up in the list of available networks but my MacBook Pro wouldn't connect to it - the WiFi icon at the top of the screen indicated it was looking for the network but never turned solid. I came across this discussion on Apple's forum Guest Network on Airport Extreme which contained the answer shown below. My Airport is connected to a Verizon Fios box that has multiple ethernet ports so I guess I am out of luck?

If that's the case, an alternative would be for me to enable the Fios wireless, which I usually have turned off, and connect the iPad/Chromebook or whatever I get to that network. Am I correct in assuming that would be independent of my usual Airport wireless network, as I was hoping the guest network would be?

View attachment 947798

Depend on where the IPs come from. If the FIOS router acts as a pass through for the network connection to your Airport, and it serves up the IPs for everything that connects to it. Then you would have two networks the FIOS network and the Airport network. But if the Airport just connects to the FIOS and the FIOS gives out the IPs on its network then they will all be the same network.

The setup I have is the first one. My Fibre connection comes to it the router they provide. Then in the Advanced DMZ settings I have the router I use for my internal connections listed there. This allows it to serve up the network IPs I connect to it with. The internal router get an IP that is in the external connected to my provider IP allowing access to the internet through its router functions. Anything that connects to the Fibre router gets an IP from it and cannot connect to the other computers off the router I use for all connections internally. I found this out by accident when one of my laptops would not connect to the other machines. I had used it once to connect and configure the Fibre router so it defaulted back to connecting to it and not my one I use internally.

 

[mac_in_tosh]

Depend on where the IPs come from.

I really appreciate your helping me out here but as someone not versed in the technology I'm afraid it's quite over my head. Suppose I turn on the Fios wireless in addition to my usual Airport wireless. If I then connect one of my MBPros to the Fios wifi, is there a simple test I could do to determine its independence from the Airport wifi?

 

[MacUser2525]

I really appreciate your helping me out here but as someone not versed in the technology I'm afraid it's quite over my head. Suppose I turn on the Fios wireless in addition to my usual Airport wireless. If I then connect one of my MBPros to the Fios wifi, is there a simple test I could do to determine its independence from the Airport wifi?

Yes look at the IP addresses they should be different. The IP will not be on the same network if they both have their own networks. With these thing you are on your own range of private IPs. Something like 10.10.10.??? or 192.168.???.??? these are reserved for devices never to be open to the outside world. And now I searched I almost forgot about the 172. ones. The way to check is to connect to each router and see the different addresses. It does not matter the numbering scheme only that they are on different ones. I think you probably are setup they way needed to do it as that would make the most sense for a setup like you have. To do it the other way would mean you could be using a simple switch and not a router for its place in the connections being made. It is the last couple of sets of numbers that matter when looking at them. Something like 192.168.0.1 and 192.168.1.1 those are different networks. With 192.168.0.1 and 192.168.0.2 those are the same network.

What is a Private IP Address?

An IP address within one of three ranges (10.x.x.x, 192.168.x.x, 172.16.0.0 - 172.31.255.255) are used within local networks only (behind routers and firewalls)

whatismyipaddress.com

 

[mac_in_tosh]

Thanks again for being so patient with me. I connected my MBPro to the Airport wifi and then to the Fios wifi.
All the numbers that I could find in System Preferences/Network were the same for both: DNS Server, IPv4 Address, Subnet Mask and Router.

I thought I asked this yesterday but don't see it - suppose I connect a device with wire to one of the Fios modem's ethernet ports? I tested that and found that the DNS Server number was the same as for both wifi networks. Other numbers were the same except for the iPv4 Address which for the wired case ended in 1.8 instead of 1.6.

If I am following you, I take it that this means that either using the Fios wifi or a wired connection to the Fios modem will not provide the isolation from the Airport wifi that I was seeking so malicious software running on a device so connected would then have access to my other devices on Airport wifi.

 

[tootyfrooty]

Depending on the age of the router you can set up a 5Ghz guest network as a second network. Just give it a different SSID name

 

[MacUser2525]

Thanks again for being so patient with me. I connected my MBPro to the Airport wifi and then to the Fios wifi.
All the numbers that I could find in System Preferences/Network were the same for both: DNS Server, IPv4 Address, Subnet Mask and Router.

I thought I asked this yesterday but don't see it - suppose I connect a device with wire to one of the Fios modem's ethernet ports? I tested that and found that the DNS Server number was the same as for both wifi networks. Other numbers were the same except for the iPv4 Address which for the wired case ended in 1.8 instead of 1.6.

If I am following you, I take it that this means that either using the Fios wifi or a wired connection to the Fios modem will not provide the isolation from the Airport wifi that I was seeking so malicious software running on a device so connected would then have access to my other devices on Airport wifi.

It seems they are all on the same network as the numbers end identically where it matters for this. Check around in the FIOS settings to see if it has the DMZ settings like mine has to allow you to make them two individual networks. It might be as simple as checking in the Airport to see if it has way to set the box IP to a different subnet for its Gateway IP setting it to 192.168.2.1 and turning on the dhcp server so it will serve up a new IP to all devices connected to it. Just remember your changes so you can go back to the working setup if it fails it your trying new settings.

 

[mac_in_tosh]

So I called Verizon and my existing Fios device does not support a guest network. To have this capability, I would need to upgrade to the Fios Quantum Gateway.

 

[MacUser2525]

So I called Verizon and my existing Fios device does not support a guest network. To have this capability, I would need to upgrade to the Fios Quantum Gateway.

Looks like you need to determine how much more to go with this. Either getting them to upgrade your device and I would think account at probably more costs or getting a device you can use to do it, again additional costs involved. Or if taking the device you get to use this program with, see if you can find free public networks any place and use the device there. Any way it is done, looks like a lot of hassle to get it done.

 

[mac_in_tosh]

Looks like you need to determine how much more to go with this. Either getting them to upgrade your device and I would think account at probably more costs or getting a device you can use to do it, again additional costs involved. Or if taking the device you get to use this program with, see if you can find free public networks any place and use the device there. Any way it is done, looks like a lot of hassle to get it done.

Yes, some cost but it appears the updated Fios router would be a drop-in replacement for what I have now.

 

[MacUser2525]

Yes, some cost but it appears the updated Fios router would be a drop-in replacement for what I have now.

If that is true then go for it and you have solved your problem, hopefully anyways, if it does work like they say it will.