Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Wireless Security: Thoughts/Experiences?

Seasought

Seasought

macrumors 65816
Original poster
Nov 3, 2005
1,093
0
I've done some reading on wireless Internet security risks and have taken some simple steps using native OS X apps (firewall, services, etc...), doing md5 checksums, watching important log files, password protecting things, but I also read an article about how easy it is to exploit a 'protected' wireless network using easily obtainable free software to sniff and crack one's way into unwanted territory.

I've always liked the idea of setting up a small wireless setup in my apartment with the proper MAC filtering, firewall, WEP - whatever to protect it but, is there something I'm missing that's more effective (short of going with a secondary hardware firewall or going back to wired)?

All of you with experience exploiting this or protecting yourself against it I'd love to hear your thoughts read your links. I've been taking my Powerbook around my area (war driving) just to see what hotspots are out there and it's quite disturbing to think people are so clueless about potential risks/problems with regard to their home networks.

Thanks in advance.
 
TheMonarch

TheMonarch

macrumors 65816
May 6, 2005
1,467
1
Bay Area
Don't use WEP... WPA is much more secure... Also keep in mind where you live... If you suspect that a lot of people really close* to you have wifi equipment, then opt for a stronger security (WPA)... Otherwise, WEP is secure enough for the average user. Don't sweat it too much ;)


*What I mean by close, is that you get other people's signal in your home close (Not having to wardrive)
 
EricNau

EricNau

Moderator emeritus
Apr 27, 2005
10,730
287
San Francisco, CA
Also make sure to check the box "create a closed network" in the AirPort Admin Utility. This will make it so without 3rd party (black-market) software, others will not even know the network is there. In other words, your AirPort will not 'broadcast' its name; someone could be right next to your hub, and unless they know the name of your network, and type it into their computer they can't log into it. WPA is also good on top of this.

Also, since you are in an apartment, you can change the strength of your AirPort hub, therefore making the range less, so it will only be within your area. This way, only your direct neighbors could pick up the signal, not half of the floor. To do this; in the AirPort Admin Utility, click "Wireless Options...," then in that window, at the bottom, slide the slider to whichever strength fits your needs best.
 
Seasought

Seasought

macrumors 65816
Original poster
Nov 3, 2005
1,093
0
blaskillet4 said:
Otherwise, WEP is secure enough for the average user. Don't sweat it too much ;)
Click to expand...

I'm always paranoid about these things...and now that I own a Powerbook (and am quite obsessed with it) I must protect it from evil...I must...<eyes glaze over>

Thanks for the advice
:D
 
Seasought

Seasought

macrumors 65816
Original poster
Nov 3, 2005
1,093
0
EricNau said:
Also make sure to check the box "create a closed network" in the AirPort Admin Utility. This will make it so without 3rd party (black-market) software, others will not even know the network is there.

Also, since you are in an apartment, you can change the strength of your AirPort hub, therefore making the range less, so it will only be within your area.
Click to expand...

Will do, I'll have to experiment with the range settings.

I considered setting up my old linux box as a 'honey pot' that DoS attacks them or just sends them nowhere, but I think that might be going overboard...

Thanks for the tips, appreciated. :D
 
EricNau

EricNau

Moderator emeritus
Apr 27, 2005
10,730
287
San Francisco, CA
blaskillet4 said:
Otherwise, WEP is secure enough for the average user. Don't sweat it too much
Click to expand...

Why not use WPA, it's just as easy to set up as WEP, and just as easy to log on to (assuming you know the password). But it is much better.
Kinda like when you go to the grocery store, and they have skittles on sale, and the 20 oz bag is the same price as the 5 oz bag - which are you going to chose? ;)
 
SummerBreeze

SummerBreeze

macrumors 6502a
Sep 11, 2005
593
0
Chicago, IL
EricNau said:
Why not use WPA, it's just as easy to set up as WEP, and just as easy to log on to (assuming you know the password). But it is much better.
Kinda like when you go to the grocery store, and they have skittles on sale, and the 20 oz bag is the same price as the 5 oz bag - which are you going to chose? ;)
Click to expand...

MMM.....skittles....

WPA might not be as good as candy, but it is definitely something you should use instead of WEP. I have it set up at my apartment building, and all of my roommates (who aren't exactly computer people) had no problem getting online.

Of course, I'm still a bit paranoid, so whenever I do online banking or anything that has to do with identity/credit cards, I plug into the wall.
 
Seasought

Seasought

macrumors 65816
Original poster
Nov 3, 2005
1,093
0
SummerBreeze said:
MMM.....skittles....
Of course, I'm still a bit paranoid, so whenever I do online banking or anything that has to do with identity/credit cards, I plug into the wall.
Click to expand...

Sounds good actually.
 
Aggamemnon

Aggamemnon

macrumors member
Nov 24, 2005
86
18
Bath
Wireless Security

Wireless can be a nightmare and, having done some wardriving, I can assure you that the security is no joke.

WEP is totally non-acceptable.

WPA is bareable, but I would strongly advise that you pick a long key and have both numbers, letters and non-alphanum chars. Something like _f00^B&R_:) but longer.

Hiding the SSID of the network is optional as anyone capable of cracking it is capable of picking the SSID from the air. MAC filtering is also up to you (it is trivial to spoof a MAC address).

However, there is another school of though that encourages you to leave your internet connection open via your WiFi, and set the SSID to something meaningful and helpful (such as your address). This provides a public service and may be useful to someone. For example, I make use of the WiFi in my road when my router is down or I am in the garden (as I am wired at home). You can protect access to your internal network by using VPNs to make a secure Virtual Private Network, and/or SSH tunnels.

Or, you could secure you WiFi to the max as I stated earlier, AND run a VPN behind it.

Hope that helps.
 
EricNau

EricNau

Moderator emeritus
Apr 27, 2005
10,730
287
San Francisco, CA
Aggamemnon said:
Wireless can be a nightmare and, having done some wardriving, I can assure you that the security is no joke.

WEP is totally non-acceptable.

WPA is bareable, but I would strongly advise that you pick a long key and have both numbers, letters and non-alphanum chars. Something like _f00^B&R_:) but longer.

Hiding the SSID of the network is optional as anyone capable of cracking it is capable of picking the SSID from the air. MAC filtering is also up to you (it is trivial to spoof a MAC address).

However, there is another school of though that encourages you to leave your internet connection open via your WiFi, and set the SSID to something meaningful and helpful (such as your address). This provides a public service and may be useful to someone. For example, I make use of the WiFi in my road when my router is down or I am in the garden (as I am wired at home). You can protect access to your internal network by using VPNs to make a secure Virtual Private Network, and/or SSH tunnels.

Or, you could secure you WiFi to the max as I stated earlier, AND run a VPN behind it.

Hope that helps.
Click to expand...
What's a VPN? How does it work? How can I do it?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom