What every Airport (or other WiFi) Base Station owner should know about security.

Tempting though it is to plug in your wireless network and forget it, there are a few easy steps that can save big problems down the line.

Even been Wardriving? That’s when you take your wireless laptop for a spin around town in your car, running a program to detect and record wireless networks it finds. I did this for fun a few weeks ago, in part to test my own network security, and also to see what other folks were doing.

I have to say that I was unnerved at what I found.

Of the 70 wireless networks I found in a 30-minute ride, over 90% had no encryption enabled of any kind. The few that did used WEP encryption, which isn’t very secure. None of the networks used the superior WPA protection.

Over half of the networks still had their default names (also called SSIDs), such as “linksys,” “NETGEAR,” or “Belkin54g,” meaning they probably had their factory-default passwords as well. I could probably have easily joined these networks, unethically using their bandwidth for free, possibly downloading files from their computers, or worse, taken control of the wireless router. (Of course, I didn’t do any of those things.) To be fair, this is an unscientific sample. One of the many things users can do to help secure their wireless networks is to turn off “SSID beaconing.” In the Airport Admin Utility, this is a checkbox called “Create a Closed Network.” Simply stated, a closed network doesn’t announce itself to wireless clients; the clients must know the existence, the name, and the password of the wireless network to gain access. Any closed wireless networks (such as mine) wouldn’t show up in my sample. Hopefully a lot of wireless users are using this feature.

Here’s a quick overview of what you can do to keep unwanted visitors out of your wireless network. For even more information and details, see the MacActually’s article, “Ways to decrease vulnerabilities in a 802.11b wifi environment,” or Arnold Reinhold’s “Apple Airport and Wi-Fi Network Security.” Of course, the manual that came with your wireless router can help, as can Apple’s Airport Support Page, especially the linked documents, “Designing Airport Extreme Networks for OS X,” and “Managing Airport Extreme Networks.”

    Always change the default name and password on your new wireless router. Make the password hard to guess, and use lower and upper case letters, numbers, and punctuation marks. Turn off SSID beaconing – If clients can’t see your network, it’s harder to log into it. Enable MAC ID access – this creates a list of authorized clients for your wireless router. Any clients not on the list are denied access. It’s easier to set up than it sounds. Enable some sort of encryption, even if it’s only 40-bit WEP. 128-bit WEP is better. WPA is better still. If possible, turn off file sharing on your computers. If not possible, use strong passwords. In System Preferences / Sharing, turn on your Mac’s Firewall. This is especially important for wireless clients. If possible, place your base station high and near the middle of your house or building. This maximizes coverage indoors, and minimizes unwanted outdoor hotspots where unwanted clients can access your network. Keep your networking software up-to-date.

As for me, I’m going to upgrade my Airport Base Station to Airport Extreme (thus gaining WPA support and faster speeds)

Explore posts in the same categories: Mac FAQs

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: