How to Secure a Wireless Network | None | The MacXperts

The MacXperts
Tips and Tricks

Smooth Running

The best way to keep your computer systems running smooth, and problem-free is to create a healthy environment for it. A healthy environment begins with clean, filtered AC power. Never use a surge protector with your computer. Only use an Uninterruptible Power Supply, sometimes called a UPS or battery backup. These are power rated in volt-amps. Generally, a laptop or mini will require at least a 350 va unit. An iMac 750 va, and a Mac Pro or server 1500 va. I recommend American Power Conversion (APC), and Triplite units

Repair Permissions

The life-blood of any unix system is the directory structure and permissions. Think of the directory as the table of contents to a book, with the hard drive being the book. If the directory becomes corrupted, it is not possible to find the desired data. Permissions specify who can read and write to files and folders. Damage to both is just part of the nature of computing, but can render your data and computer useless. To prevent small problems from snowballing, use Disk Utility weekly to repair permissions and to check your directory. Even better, use Mac HelpMate from The MacXperts to automate this and other routine maintenance jobs.

Crash Plan

It is not a question of if you will ever lose important data, only a matter of when and how often! Backing up your data is an essential part of computer support. It is vital to have at least one on-site and one off-site backup. In the event of catastrophic loss, such as fire or theft, your on-site backup will be lost. This is where your off-site backup becomes a life-saver. For Mac OS X 10.5 and 10.6 users, Time Machine is the ideal on-site backup option. Off-site solutions include Mozy, SpiderOak, Carbonite, JungleDisk with Amazon S3 Services, and CrashPlan.

Malware

Think your Mac is immune from malware? Think again. Sure, we don't get nearly as many infections as Windows users, but it does happen. Perhaps even worse is that your Mac can receive a Windows virus that can then be sent to a Windows user, destroying their system. Not such a good move if you are trying to build a business relationship with that person or organization. Every Mac should have a solid anti-malware utility installed. My personal choice is Intego VirusBarrier.

Office Alternative

Need a full-featured office application suite, but don't want the expense and bugs of Microsoft Office? Sun Microsystems Open Office, available for the Mac as both Open Office and Neo Office are terrific alternatives for many users - and they are free!

Bootcamp Partitions

Got Boot Camp? Now how are you going to backup your windows partition? WinClone to the rescue. WinClone will create a duplicate of your Boot Camp partition, saving it to your Mac partition. Then when your Mac side is backed up with TimeMachine, your Windows data is doubly safe.

Windows on a Mac

Think you need to go through the expense, hassle, and security concerns to install Windows on your Mac to run your Windows-only applications. Perhaps not. there are may alternatives to running Windows software without windows. Check our our blog "Running Windows on Macintosh".

Remote Access

Ever been out of town and just had to have that important document that was safely stored away on your home computer? There are now many free and easy options to have remote access to all of your Mac and Windows systems.

Blog Tags

Call 505.453.0479

MacTec Listserv

MacTec is a mailing list supporting the clients and students of The MacXperts.

List Information Page
Subscribe to, Unsubscribe from, and View Archives of the MacTec list

Recent Blog Articles

Follow The MacXperts

RSS Feed

How to Secure a Wireless Network

2010 | April | 27 | 04:38 PM mountain time

SUMMARY

Got WiFi? Then you most likely have a few folks trying to get onto your network without your knowledge or permission! Unless you like having your bandwidth stolen, and your data compromised, it’s time to bolt that door shut.

BACKGROUND

WiFi, or as Mac-lovers know it as “AirPort”, has revolutionized networking. Not only are we no longer tethered to our Ethernet cable at the office, we can have high-speed Internet at the corner cafe. Well over half the households with broadband internet access now also have WiFi.

This makes it incredibly easy to pull out your laptop anywhere in the home and get to play, er, I mean get to work.

Unfortunately, few home users know how to configure their wireless networking so that it prevents others from access.

WHY YOU DON’T WANT OTHERS ON YOUR WIRELESS NETWORK

It’s not because you don’t want to share your toys, it’s because having others on your network presents all sorts of problems you really don’t want to have in your life. At a minimum a piggybacker will slow your network. At its worst they could easily cause the interruption of your Internet service, hack your personal data, and potentially have you permanently blocked from any Internet Service Provider (yes, really).

Keep in mind that your wireless network operates in a “time-sharing” mode. If the total available bandwidth is, say, 54 Mb/s and you are the only person on the network, you get access to all 54. If there is another person on your network, that 54 is evenly divided between the two of you, so each gets 27. Should 10 be on your network, each gets 5.4 Mb/s. So the neighbor that is piggybacking on your WiFi is severely impacting your ability to quickly work on the Internet.

How about that kid a few houses down the block with tons of time on his hands. Your signal reaches him as well. Even if you have your WiFi password protected, with enough time he may well figure out your password, access your network, and then go to work on your computer login password (which statistically speaking, will be the same as your WiFi password). Now that kid has full access to everything on your computer, including user names and passwords for bank accounts, credit cards, etc.

(Note: As reported on 3/25/2010, a teenager in England hacked into President Obama’s Twitter account simply by guessing security information)

It can get even worse. What if someone uses your WiFi network to send spam? That action will have your Internet provider disconnect your service and place you on a black list. Getting off the black list is a herculean task, and as long as you are on it, no ISP will service you. No problem, you really wanted to go back to using a modem anyway, right?

STEPS TO SECURE YOUR WIRELESS NETWORK

For our purposes I will assume you are using an Apple AirPort Base Station. The steps are identical regardless of the brand of base station you are using, just the specifics as to what screen a setting is on will be different.

Change the default administrator user name and password

Just about half of all wireless networks have the default administrator user name and password in place. This makes it a cinch to get onto a network.

Launch AirPort Utility.
Click the “Manual” button.
Select the “Airport” icon in the navigation bar, then the “Base Station” tab. In the “AirPort Extreme Password” field, enter a new password of at least 14 characters–the longer the better. Then click the “Update” button.

Encrypt the data on your network

Using WiFi broadcasts your data as a radio wave. Off-the-shelf antennas can easily pick up your signal from over 20 miles away. And that signal is easily readable. To block the ability to read your data (such as user name and password when you access your bank on the Internet), you must encrypt your data.

There are two basic encryption schemes in use today, WEP and WPA. WEP has been broken, the guidelines for how to decrypt a WEP signal are available on the Internet. WEP now only provides a false sense of security. DON’T USE WEP. If your base station is only capable of encrypting in WEP, trash it and get another base station. An Apple AirPort Express can be purchased for $99, and the Extreme for $179 (my favorite choice).

Select the “Airport” icon in the navigation bar, then the “Wireless” tab. In the “Wireless Security” pop-up menu, select “ WPA/WPA2 Personal. Note: WPA has recently been hacked, but the details are not yet widely available. If you are certain that all of the computers that you want to access your network are capable of supporting WPA2, then you can select just that. Otherwise, use the WPA/WPA2 option.
In the “Wireless Password” field, enter the password that will be entered to access the WiFi and get onto the Internet. This password should be at least 14 characters long. Then click the “Update” button.

Hide your SSID

Your SSID is the name of your wireless network, as seen when scanning for a network to join. If you hide your SSID, it will keep your neighbor from piggybacking on your network, but it likely won’t have an impact on a serious hacker. In order to join a network with a hidden SSID, you have to know the name of the network.

To join a network with a hidden SSID:

From the desktop, select the AirPort menu item.
From the AirPort menu item, select the “Join Another Network” submenu.
In the “Join Another Network window, enter the name of the network to join, select the type of security it uses, then enter the password. Then click the “Join” button.

To hide your SSID:

Select the “Airport” icon in the navigation bar, then the “Wireless” tab. Near the bottom of the window click the “Wireless Options” button.
In the “Wireless Options” window, enable “Create a closed network”. Then click the “Done” button.

Restrict access via MAC address

Here we are getting very serious about security, possibly more so than a typical household requires, but not too much for a business.

Every networkable device has a MAC (Media Access Control) address. Most base stations permit restricting access based on MAC address–some go as far as specifying what days and times each MAC address can access the WiFi network.

To locate the MAC address of your Macintosh:

On the Macintosh, select Apple menu > System Preferences > Network.
Click the “Advanced” button.
In this window you will see the “AirPort Address”. This is the same as the MAC address. Write down this address. Then Quit out of System Preferences.

To restrict access based on MAC address:

Select the “Airport” icon in the navigation bar, then the “Access” tab.
In the “Mac Address” field, enter the address retrieved in the previous steps. Assign a description of the computer. Then specify when this computer may have access. When finished, click the “Done” button.
Click the “Update” button.
Repeat steps 1-3 for every device that will access your WiFi. All other devices will be blocked, even if they can crack your password!

Install anti-malware software on your computer

Currently there are over 600,000 malware products (viruses, trojan horses, etc.) running in the wild on Windows, and fewer than a dozen for Macintosh. The likelihood of becoming infected on a Mac is low, but it is real. I have a dozen or so client machines each year that become infected.

An infected computer can be turned into a zombie, performing at the command of the creator of the malware, including sending user names and passwords without your knowledge and bypassing all of your security measures. Because of this, it is vital to protect your Mac against malware.

I’ve written in earlier articles on the use of anti-virus applications. I currently only recommend Intego Virus Barrier for Macintosh as a comprehensive anti-malware solution.

Tags: airport, Security, wifi