tblair00 said:
I need some help securing our wireless network in the house. We have 2 PCs connected to a linksys modem/router. My iMac is wireless. We can see that some neighbors are using our wireless internet. How can I make it where only our 3 computers can access our internet? Thanks
What model Linksys router are you using? I'm using a Linksys WRT54GS wireless router. Not only can you make your router invisible to other people, you can also set it to only allow the computers you choose have access to it. Check out my blog post here:
http://mcproject.blogspot.com/
Here are the basic steps I take to secure any wireless network I set up:
1. Add a unique admin password for the router
2. Give your router a unique name (SSID)
3. Disable the SSID broadcast (makes your router invisible to other people)
4. Type your MAC IDs into the router's whitelist (not "Macintosh" ID but "MAC" ID; it's a networking thing)
5. Add security: WPA-PSK TKIP is good, WPA-PSK AES is better; use a good password
6. Change the broadcast channel to 11 (avoids neighboring interference)
7. If you're using B & G connection devices, switch the wireless mode to "Mixed"; otherwise use "G"
I'll explain each of these steps. First, your router has an access page (type in
http://192.168.1.1 into your browser if you're not familiar with this). Change the password on that; this way nobody but you can get in to change the router's settings. Next, give your router a unique name, called the SSID. This is the name that is broadcast wirelessly; if you have neighbors who use wireless too, you may see "Linksys" or "Netgear" on the available networks list when you go to connect wirelessly. After you have created a unique name, disable broadcast of the name ("disable SSID broadcast"). Your router will still be transmitting and receiving wirelessly; it just won't be advertising itself. This will make connecting Windows computers a little more tricky, since the Windows computers won't show the network in the list, but it's there; it's just invisible. You'll just have to manually add the network. It's easier to do in OS X.
After that, you'll want to create a MAC (not like "Macintosh") allow list. This is basically like a names list at a club or restaurant - unless your name is on the list, you don't get in. You'll have to add the individual MAC ID/address from each computer into this list. Basically, every network card, wired or wireless, has an individual digital fingerprint called a MAC address. Here's a page that shows you how to get the MAC address for your computer in various operating systems:
http://www-dcn.fnal.gov/DCG-Docs/mac/xp.html
On Windows it's called the Physical address. It's 12 characters long. If you're using the wireless card to connect to the Internet, make sure you write down that MAC ID and not the MAC ID for the wired (Ethernet) port.
So let's review what we've done so far: we've locked down security on access to the router itself by creating a unique password; we've given our router a unique name so people don't just type in "linksys" or "default" to hop on; we've made our router invisible to others by disabling broadcast of the router name (SSID), and we've told our router to only let computers on the list in the club (Mac IDs).
Next we need to add security for the Internet connection. We are going to require that each computer gives the router a password before it can access the Internet. If you have older computers, it's best to use WPA-PSK TKIP since it will support older cards. Personally, I have a G4 Cube using an 802.11b card and it doesn't support the newer connection standards. However, if you have only newer computers with 802.11g cards, you may be able to use WPA-PSK AES. AES is better than TKIP, but TKIP is still good. Don't worry too much about what they do; just realize that you have to add a password to either one and that it encrypts the information flying around your local network.
Now, in order for your computer to join the network, you will manually have to type in the router's name (SSID), set the encryption type (I believe WPA-PSK TKIP = WPA Personal; Apple has a different name for it than Linksys, but it still works), and type in the password. This way your Mac knows (1) what router to look for (even though it's invisible), (2) what kind of encryption it should be expecting, and (3) what the password to give the router for access is. OS X will store this information for you in the future so that you won't have to type it in each time you restart the computer. Also, the router will check to see if your computer is on it's MAC allow list by verifying its Mac ID.
Last steps now: change the broadcast channel to 11. Most people just leave theirs on the default (channel 6 or 7 or something); if you have neighbors, you may get interference as a result. Also, it's supposed to help with cordless phones and microwaves and whatnot (that may be made up). At any rate, it works for me. Last but not least, if you're using a mixed network (802.11b and 802.11g), set the network mode to mixed, otherwise just set it to G for better performance.
All in all, that will give you pretty good security. Whenever you're on a network, there is no such thing as a completely secure setup, but this is enough to make local hackers go to your neighbors instead of you. Your router is invisible, you have to know the admin password to change any settings on it, it won't let people on unless they're on the MAC allow list, it will ask each computer for a password when it connects, and it uses encryption. Not too shabby. If you have any other questions, just ask!