The macosxhints Forums

Help with wireless router (http://hintsforums.macworld.com/showthread.php?t=57507)

anakyh71 06-26-2006 09:10 PM

Hi all!

New to this site but have a question. I have had my router set up for a while now but want to make sure that no one else can access my network. Could someone give me a brief synopsis on how to do this?

I am using a Belkin router along with a new MacBook.
Thanks, any help would be great!

trevor 06-26-2006 10:20 PM

Brief synopsis: Turn on WPA2 (if your router supports it) or WPA (if your router can't do WPA2). Make sure that your passcode is longer than 20 characters. 63 characters would be best.

Don't tell anybody your passcode unless you implicitly trust them.

That should be enough. If you do that, the other stuff is just gravy.

Trevor
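Added example, not part of the original thread: a Python sketch of why passphrase length matters for WPA/WPA2-Personal. It generates a random 63-character passphrase, compares the search space of short and long passphrases, and derives the 256-bit pre-shared key the standard way (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations). The SSID "HomeNet", the guessing rate and the alphabet without the space character are assumptions of this example.

```python
import hashlib
import math
import secrets
import string

# WPA/WPA2-Personal accepts passphrases of 8 to 63 printable ASCII characters.
# Space is left out of this alphabet (an assumption of the example) so the
# passphrase cannot start or end with an invisible character.
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def generate_passphrase(length=63):
    """Return a passphrase drawn uniformly at random from ALPHABET."""
    if not 8 <= length <= 63:
        raise ValueError("WPA passphrases must be 8 to 63 characters long")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random passphrase; human-chosen ones have less."""
    return length * math.log2(alphabet_size)


def derive_psk(passphrase, ssid):
    """256-bit pre-shared key: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def days_to_exhaust(bits, guesses_per_second):
    """Time to try every candidate at an assumed offline guessing rate."""
    return 2 ** bits / guesses_per_second / 86400


if __name__ == "__main__":
    rate = 1_000_000  # assumed guesses per second, for illustration only
    for label, length, size in [
        ("9 lowercase letters", 9, 26),
        ("20 random printable", 20, len(ALPHABET)),
        ("63 random printable", 63, len(ALPHABET)),
    ]:
        bits = entropy_bits(length, size)
        print(f"{label}: {bits:.1f} bits, {days_to_exhaust(bits, rate):.3g} days")
    # The SSID salts the key, so one passphrase gives different keys per network.
    phrase = generate_passphrase()
    print(derive_psk(phrase, "HomeNet").hex())  # "HomeNet" is a made-up SSID
```

Because the derived key is 256 bits, a randomly generated passphrase gains nothing in key strength beyond about 40 characters from this alphabet; extra length mainly helps passphrases made of words.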

bored28 06-26-2006 10:24 PM

If you also want to limit anyone from physically accessing your network, I would use a unique login username and password for the router. Just a thought! :)

regulus6633 06-27-2006 09:55 AM

I use a Belkin router too. I like the MAC address filtering under the firewall section. Basically you input the MAC address of the computers you want to allow access to your network. Any computer without one of the listed MAC addresses cannot get on the network.

You can find the MAC address for a computer in the Network preference pane under the Ethernet tab - it's the number next to the "Ethernet ID". Note that you'll have different MAC addresses for the Ethernet connection and for the AirPort connection of your MacBook, so you should input both numbers into the Belkin router.

trevor 06-27-2006 10:40 AM

regulus6633, MAC address filtering is easy to crack. If used in addition to WPA2, that's fine--the WPA2 will be sufficient protection. But if it is used instead of WPA2, then the network is exposed to script-kiddie crackers.

Trevor

JDV 06-27-2006 10:59 AM

Adding restrictions is a good idea if you have a fair idea of who needs to have access, and using MAC ids is certainly a good way. But WPA2 also prevents the possibility (or makes it more difficult) for parties to intercept the network traffic with snoopers and gain access to data without joining the network, so it has some additional security advantages beyond just keeping someone from borrowing your signal.

Joe VanZandt

CAlvarez 06-27-2006 11:54 AM

MAC filtering is NOT a good way to secure a router. It provides only protection from casual or accidental use, it doesn't stop someone who wants to get on for whatever reason. Even WEP offers a better challenge than MAC filtering.

bored28 06-27-2006 01:14 PM

If someone wants to secure any device, the best way to do so is through Layered Security. All of the suggestions provided thus far have their own merit and when working in conjunction with one another should provide an even better protection scheme than any one of those suggested working alone.

trevor 06-27-2006 02:27 PM

I've got this WPA2 bank vault, but for extra protection I've paper-coated it with MAC address filtering. So someone across the room from the vault won't be able to see details of it. Of course if they are already in the room with the vault, they could just come up to it and tear off the paper coating of MAC address filtering!

WPA2 is very secure. MAC address filtering is easy to crack. If you want to use both, go right ahead, but it's the WPA2 that will keep you secure, not the MAC address filtering.

Trevor

tlarkin 06-27-2006 03:03 PM

You can also turn off DHCP, and manually assign IPs to your computers. Make sure you don't broadcast your signal as a DHCP server and then just allow the IP range of machines on your network. Then no one outside will get assigned an IP by your router and if they manage to actually figure out your IP scheme (by cracks, hacks, scripts, whatever) there would be an IP conflict. That is of course if you made your IP range limited to the computers you only wished to connect.

WPA is the way to go by far; this is just a suggestion to add to security.

Also make sure to change your login on your router. If you don't do that, all anyone has to do is telnet into your router and do a master reset, disabling all security options.

CAlvarez 06-27-2006 08:46 PM

Hahaha, that's funny, I just hopped on such a system at lunch. Connected but no IP. Gave myself a manual address and I was all set. I needed to look up some directions while having lunch.

If you have WPA, this other stuff won't add security.

If you use the other stuff instead of WPA, you have no security.

bored28 06-27-2006 10:56 PM

Quote:

Originally Posted by CAlvarez
If you have WPA, this other stuff won't add security.

http://productfinder.gcn.com/gcn/sea...0394/index.jsp
http://www.computerworld.com/securit...,89861,00.html
http://www.cisco.com/en/US/netsol/ns...08033a411.html

Saying that layering additional security features on top of what you already have will not protect you in any way is simply ridiculous. Network Security Engineers at Lucent, IBM, Level3, ATT, Cisco, etc all agree that layered security is, by far, the best option available. Saying that it is not is basically telling thousands of security engineers around the world that their security implementation schemes are wrong. Good luck with that.

tlarkin 06-27-2006 10:57 PM

Quote:

Originally Posted by CAlvarez
Hahaha, that's funny, I just hopped on such a system at lunch. Connected but no IP. Gave myself a manual address and I was all set. I needed to look up some directions while having lunch.

If you have WPA, this other stuff won't add security.

If you use the other stuff instead of WPA, you have no security.

The key to the IP settings is you set a filter for a set IP range and only have that range available and use every IP. The downside is, you do not have any IPs in reserve and every time you add a system you will have to manually add the IP in your router at home. You can also use a non-standard IP range instead of the 192.168.x.x or the 10.0.x.x.

It's definitely not foolproof but it does add to security.

trevor 06-27-2006 11:11 PM

Quote:

Saying that layering additional security features on top of what you already have will not protect you in any way is simply ridiculous.

Layered security, as a general principle, is an excellent thing. In general, you want to both lock your garage door, and lock your car door inside your garage, and keep your car keys out of the garage. That's because both the garage door and the car door and non-present car keys add some real security. If someone cracks through your garage door using a special remote that can cycle through codes, for example, they still have to break into your car. If they then jimmy the car door, they still have to hotwire the car. Each layer adds additional defense, and delays the potential thief.

The security added by MAC address filtering is trivial. While it is, in a general sense, important to use layered security, this particular layer of MAC address filtering is so trivial to break that it is essentially meaningless. It may keep your grandpa out, but it won't keep out your grandson.

See my explanation above comparing WPA2 to a bank vault and MAC address filtering to a layer of paper. The paper doesn't really add a meaningful layer to the security of the bank vault. If you encrypt your data on your computer, in addition to using WPA2, for example, that is a meaningful layer of security, and valuable. If you are behind NAT and have a strong well configured firewall on your computer, that is a couple of meaningful layers of security. If you don't open unneeded services on your computer, that is a meaningful layer of security. If your user account password is long and secure, that is a meaningful layer of security.

Layered security is an excellent idea, and network security engineers from Lucent, IBM, Cisco, etc. can agree on that. No problem. But the amount of security afforded by this specific layer--MAC address filtering, is trivial. Don't ever put any trust in that layer by itself. In fact, I'm not sure why you would even bother with that layer, given how easy it is to crack.

Trevor

Las_Vegas 06-28-2006 01:30 AM

I always set MAC filtering on top of WPA2 on client's wireless systems. Without a listed MAC address, a user can't even get to the point of trying to guess the passphrase.

CAlvarez 06-29-2006 02:23 AM

Quote:

Saying that layering additional security features on top of what you already have will not protect you in any way is simply ridiculous.

I didn't say layering security features will not protect you. I said that layering pointless features like those previously described will not protect you any more than WPA will. Turning off DHCP is not a security feature.

WPA is essentially unbreakable given a proper passphrase, so anyone who can break it definitely will not be slowed by childish games. Those serve only to annoy the proper users.

bored28 06-29-2006 11:54 AM

anakyh71, be careful you don't step in any of the BS.

MAC filtering serves a greater purpose, IF DONE CORRECTLY, at the LAN level. Combine it with a router based firewall, wireless security, and an intuitive IP address map, no one from outside your LAN will be able to access your AP unless they have A LOT of time on their hands. Please remember that the majority of people in this world don't even know what the heck a MAC address is. This person simply wanted a basic feature set that helped secure her router TO THE BEST OF HER ABILITY. Cheers.

tlarkin 06-29-2006 12:19 PM

Turning off DHCP and only allowing a very specific IP range on your network is a security feature. Then set up a filter to only allow said IP addresses. Like I said, it's not foolproof, but it helps overall in security.

CAlvarez 06-30-2006 01:15 AM

Since the same process used to crack WPA would immediately also gain access to the valid address range, it does not add security.

tlarkin 06-30-2006 01:45 AM

Quote:

Originally Posted by CAlvarez
Since the same process used to crack WPA would immediately also gain access to the valid address range, it does not add security.

Yes, but not everyone walks around with a WPA cracker on their wifi system.

CAlvarez 06-30-2006 02:07 AM

Right. So using WPA is enough, and the rest of the stuff adds no security. That's the only point I was making.

damonboticelli1 09-12-2006 12:31 AM

I've enabled "WPA2 and WPA (PSK) (recommended)"
with "TKIP and AES (recommended)" as the encryption

on a US Robotics router

I've entered a nine letter (no other characters...may change later, right now I just want it to work) pass phrase.

On my Mac OS 10.2.8, when I try to connect to the network, I'm prompted for a password. I enter it exactly (case sensitive) and I get the unable to join network message.

When I disable the security feature on the router, or simply use the MAC address filter, I have no problem getting on or staying on the network.

When I'm prompted for the password on the Mac, I notice there is a pulldown menu on the word password allowing me to choose WEP or some other stuff. I don't see WPA or WPA2. Is it possible my G5 doesn't support the WPA encryption?

Please help! Thanks!

hayne 09-12-2006 01:41 AM

Quote:

Originally Posted by damonboticelli1 (Post 321024)
When I'm prompted for the password on the Mac, I notice there is a pulldown menu on the word password allowing me to choose WEP or some other stuff. I don't see WPA or WPA2. Is it possible my G5 doesn't support the WPA encryption?

Well, it's quite likely that the Airport software in 10.2.8 (Jaguar) doesn't support WPA. That version of OS X is now quite old. You'd do better to upgrade to at least Panther (10.3).
You can usually get a copy of older versions of OS X on eBay quite cheaply. Make sure that you get a retail version of the CD, not just an upgrade or "restore" disk (that came with some particular model of Mac).

styrafome 09-12-2006 02:49 AM

Happened to find this. It confirms Panther is required for WPA. If you have Panther, WPA is supported all the way back to the original AirPort card.

MeredithK 01-09-2007 04:25 AM

Hi All.. If you live in an apartment as I do, then dozens of people are within range of your network… I wasn't careful enough when setting up a wireless network last week… it's all very new for me. It looks as if it's been hacked/cracked already, going by the stats from my ISP user page, which shows 60MB or 70MB usage on several days (and that's not believable).
One of the wireless networks nearby is an open network. That's a bit suss I think… or maybe I'm just totally paranoid by this point… totally out of my depth at the moment!

When I first set up the Router I used the security type shown at the top of the list (WEP) but changed to WPA the next day. That is.. WPA2 Personal on the machine connected via Ethernet to the Router (a MacMini) and WPA on the other 2 machines (a G4 and a Ti laptop, both with 3rd party wireless adapters).

At first I blamed the high usage on our kid but she says she's only been using MS Chat and not downloading large images or sound files. But one day our usage was 70MB during 24 hours when she wasn't around. Unfortunately the ISP page doesn't show the exact times, so I can't be totally sure.

Sadly, I didn't change the default Admin password on the Router until a couple of days ago, and then also changed the Network password to a 14 alpha character password. Two days ago (morning) I set the router to exclude all but the MAC addresses of the computers in the network… (afternoon) I changed the Admin password, reset the Network password to over 20 alphanumeric chars and turned off the broadcast of the SSID.

I have a horrible feeling that by doing it in that order, I handed the Hacker (if there is one) all our MAC addresses. Our usage was 9MB today. Only email was checked, and nothing had big attachments.

I've now switched off Airport on all machines and reconnected the MacMini to the ADSL modem (without the Router). The end of our network for the time being. But if the system was being hacked – will it still be hacked even without the wireless connection, or will it be too much trouble for the Hacker to do it another way?

I'm assuming I'll have to do a clean system reinstall on all machines, and set things up again using the kind of things that people have suggested in this thread (really useful, thanks) e.g. turn off DHCP, manually set the IP addresses and filter for those addresses. I'm still not clear about some things though.. should I use the Mac firewall, even though the Router's meant to provide that? Any advice about doing that?

I've been looking at the Router setup pages a fair bit over this week, and I never saw anything that indicated they'd been changed. But I can't think of anything to account for the high bandwidth usage, which only started after the Wireless Network was running, other than a Mac virus or worm. I haven't got any antivirus software running, so I guess no matter what I'll get Norton AntiVirus or similar and use it from now on.

Can anyone recommend an intrusion detection app for Mac? Would a product like Norton Personal firewall offer additional protection? Which logs on the Mac should I be looking at, that might give me other useful information, e.g. how much traffic has been happening via MS Chat? Sigh.

MeredithK


All times are GMT -5.