Secure Wireless

[tblair00]

I need some help securing our wireless network in the house. We have 2 PCs connected to a linksys modem/router. My iMac is wireless. We can see that some neighbors are using our wireless internet. How can I make it where only our 3 computers can access our internet? Thanks

 

[Say_Cheese]

Personally I use Mac Address filtering. Although it is sometimes easier to use WEP keys. However I can't give you info on how to set up Mac address filtering as it was so long ago that I did it that I can't quite remember how.

I'm sure that someone who can remember will be along soon to give advice.

 

[Kokopelli]

I would suggest setting up WPA. This will encrypt the traffic and prevent your neighbors from using your connection at the same time.

For MAC address filtering chances are the Linksys will list all current connections, write down the MAC fot your three machines and add them to The Mac fileter table then enable it.

 

[kaidomac]

I need some help securing our wireless network in the house. We have 2 PCs connected to a linksys modem/router. My iMac is wireless. We can see that some neighbors are using our wireless internet. How can I make it where only our 3 computers can access our internet? Thanks

What model Linksys router are you using? I'm using a Linksys WRT54GS wireless router. Not only can you make your router invisible to other people, you can also set it to only allow the computers you choose have access to it. Check out my blog post here:

http://mcproject.blogspot.com/

Here are the basic steps I take to secure any wireless network I set up:

1. Add a unique admin password for the router
2. Give your router a unique name (SSID)
3. Disable the SSID broadcast (makes your router invisible to other people)
4. Type your MAC IDs into the router's whitelist (not "Macintosh" ID but "MAC" ID; it's a networking thing)
5. Add security: WPA-PSK TKIP is good, WPA-PSK AES is better; use a good password
6. Change the broadcast channel to 11 (avoids neighboring interference)
7. If you're using B & G connection devices, switch the wireless mode to "Mixed"; otherwise use "G"

I'll explain each of these steps. First, your router has an access page (type in http://192.168.1.1 into your browser if you're not familiar with this). Change the password on that; this way nobody but you can get in to change the router's settings. Next, give your router a unique name, called the SSID. This is the name that is broadcast wirelessly; if you have neighbors who use wireless too, you may see "Linksys" or "Netgear" on the available networks list when you go to connect wirelessly. After you have created a unique name, disable broadcast of the name ("disable SSID broadcast"). Your router will still be transmitting and receiving wirelessly; it just won't be advertising itself. This will make connecting Windows computers a little more tricky, since the Windows computers won't show the network in the list, but it's there; it's just invisible. You'll just have to manually add the network. It's easier to do in OS X.

After that, you'll want to create a MAC (not like "Macintosh") allow list. This is basically like a names list at a club or restaurant - unless your name is on the list, you don't get in. You'll have to add the individual MAC ID/address from each computer into this list. Basically, every network card, wired or wireless, has an individual digital fingerprint called a MAC address. Here's a page that shows you how to get the MAC address for your computer in various operating systems:

http://www-dcn.fnal.gov/DCG-Docs/mac/xp.html

On Windows it's called the Physical address. It's 12 characters long. If you're using the wireless card to connect to the Internet, make sure you write down that MAC ID and not the MAC ID for the wired (Ethernet) port.

So let's review what we've done so far: we've locked down security on access to the router itself by creating a unique password; we've given our router a unique name so people don't just type in "linksys" or "default" to hop on; we've made our router invisible to others by disabling broadcast of the router name (SSID), and we've told our router to only let computers on the list in the club (Mac IDs).

Next we need to add security for the Internet connection. We are going to require that each computer gives the router a password before it can access the Internet. If you have older computers, it's best to use WPA-PSK TKIP since it will support older cards. Personally, I have a G4 Cube using an 802.11b card and it doesn't support the newer connection standards. However, if you have only newer computers with 802.11g cards, you may be able to use WPA-PSK AES. AES is better than TKIP, but TKIP is still good. Don't worry too much about what they do; just realize that you have to add a password to either one and that it encrypts the information flying around your local network.

Now, in order for your computer to join the network, you will manually have to type in the router's name (SSID), set the encryption type (I believe WPA-PSK TKIP = WPA Personal; Apple has a different name for it than Linksys, but it still works), and type in the password. This way your Mac knows (1) what router to look for (even though it's invisible), (2) what kind of encryption it should be expecting, and (3) what the password to give the router for access is. OS X will store this information for you in the future so that you won't have to type it in each time you restart the computer. Also, the router will check to see if your computer is on it's MAC allow list by verifying its Mac ID.

Last steps now: change the broadcast channel to 11. Most people just leave theirs on the default (channel 6 or 7 or something); if you have neighbors, you may get interference as a result. Also, it's supposed to help with cordless phones and microwaves and whatnot (that may be made up). At any rate, it works for me. Last but not least, if you're using a mixed network (802.11b and 802.11g), set the network mode to mixed, otherwise just set it to G for better performance.

All in all, that will give you pretty good security. Whenever you're on a network, there is no such thing as a completely secure setup, but this is enough to make local hackers go to your neighbors instead of you. Your router is invisible, you have to know the admin password to change any settings on it, it won't let people on unless they're on the MAC allow list, it will ask each computer for a password when it connects, and it uses encryption. Not too shabby. If you have any other questions, just ask!

 

[lala]

Hi I am new on the formum and new with my macbook osx.

lately my internet is very slow. i called the company who provides me with the internet, and he said that the connection was good, but that i had 25 sessions open and That i probbebly have a virus...so it is basically my own mistake that the internet is slower than a dial up...
it is never the fault of the internet provider, and always the mistake of my computer. is there any ways to find out if I have a virus? or to find the internet speed in my wireles network? i am however located in Tirana, Albania, eastern europe and have not yet been able to find a speed test for this part of the world...

I also tried to see if our network is open for neighbours, but if i type in
(type in http://192.168.1.1 into your browser if you're not familiar with this)
I just get to see a number, and i have no idea how to change the password on it...

Basically I do not understand computers at all, but as there are no "help servises" in this part of the planet, i have started get to understand this nice computer...

Any advice is welcome
l
l

 

[eric]

welcome to the forums lala,

for this issue, you may actually want to start a new thread. i think you'll get a better response than digging up this old one - though you get an "A" for effort for your first post.


also, make sure to note how you connect. you mentioned you have wireless. i'm guessing you have no security set up on it. do you have a manual for it? that will normally show you how to reset it and configure it if you lost a password (or never set one up).

once you get that far, helping you set up wpa or some other sort of security will be easy.