PDA

View Full Version : Wireless Security



v1llage1d1ot
7th August 2005, 07:44 PM
I have an Airport Express Base station and I live in an Apartment building. I would like to know if there is any application that will tell me if / when someone logs onto my base station. I use a WPA type of connection / security. Is this very secure? I have looked at that app Kismac or what ever it is called, and i figure there are plenty of other apps like this for Windoze users. I want to keep my base station pretty secure so people cant use my internet or look at my files. I have reduced the power of my base station to about 25%, I still get full reception in my house, but hopefully other peoples range is limited.
I don't know if i have had a security breach yet, but I would like to prevent anything before it happens (I have had it running like this for almost a year though)

Thanks

dangelovich
7th August 2005, 08:08 PM
Some basic advice: Use WPA, and use MAC filtering if it's available.
And monitor your internet usage - that's usually what someone will be using if they get in...
... and use good passwords for the WEP/WPA - it just makes it take that little bit longer to get around.

Mac Aid
8th August 2005, 06:59 PM
As dangelovich suggests, use MAC filtering, although it's called access control on an Airport Base Station.

Also, change your password periodically, and make it large and not a word.

If it's a big appartment building, there will probably be someone else who is not as educated or security conscience as you who they will attack. Bit like the home alarm theory.

The Fluffy Duck
8th August 2005, 07:13 PM
This is what my friend does. He lives in an old house with about 5 think concrete walls. ITs soo good at protecting his internet he cant even get a connection in his room 10 meters away. lol :P

My advice is just use mac filtering and wep. But if they are determined to get in they will. nothing is 100% secure.

Mac Aid
8th August 2005, 07:18 PM
Originally posted by The Fluffy Duck@Aug 8 2005, 07:13 PM
My advice is just use mac filtering and wep.
WPA is more secure than WEP. You should only use WEP if you need to for compatibility reasons.

v1llage1d1ot
8th August 2005, 07:24 PM
This MAC filtering is where u enter each machines MAC address? So I enter my MAC thingy and my sister MAC thingy and then they should be the only computers that can connect to the base station?

Johnny Appleseed
8th August 2005, 07:52 PM
Is it even possible to penetrate a password-protected network if you don't know the password? I've told my friends that a password should be all they need.

That said, it's amazing how many people don't bother/know to password-protect their wireless network.

Mac Aid
8th August 2005, 08:28 PM
This MAC filtering is where u enter each machines MAC address? So I enter my MAC thingy and my sister MAC thingy and then they should be the only computers that can connect to the base station?

That's correct, although if you "sniff" enough traffic you can establish the MAC addresses used, and spoof them so you still need encryption


Is it even possible to penetrate a password-protected network if you don't know the password? I've told my friends that a password should be all they need.

Once again, with enough traffic, you can deduce a password.

Having said all this, it's a lot of effort and time to do this, so very unlikely in a residential environment (although more of a worry in a corporate environment). But that's the reason to change periodically the password. By using both these methods, you harden your network as much as you can in a home environment, and as there are so many people who don't bother, the "bandwith thief" is likely to just go somewhere else.

v1llage1d1ot
8th August 2005, 09:09 PM
The bandwidth thief as you put is my main worry at this stage. My ISP claims at I downloaded 12 gig of data in the last month, but Im pretty sure I havent been doin THAT much. I have an unlimited account, so its not a price thing, I was just blown away when I saw 12 gig downloaded in a month, where its usually 5 -7 gig.

Mac Aid
8th August 2005, 09:15 PM
Change your password, and add access control for your peice of mind.

Do you run any pier to pier filesharing software (such as Limewire or mlmac)? Some of those can be configured to download for other people, and of course it's easy to loose track of how many movies or whatever you have downloaded!

eyeLikeCarrots
8th August 2005, 09:30 PM
Originally posted by Mac Aid@Aug 8 2005, 09:15 PM
Peer to Peer not pier to pier.
Its all a matter of paranoia...

I run WPA with a very long password that gets changed every week.

I have MAC address filtering turned off and ffs change the default mangenment password for your AP.

Make sure that you have your host based firewall ON and with an absolute minimum of holes punched in it, stealth your ports too.

If you want to be uber secure, do away with wireless all together. Choosing to use wireless is an acceptance of a certain amount of insecurity that can only be mitigated, not prevented. Unless you can afford a faraday cage around your apartment.

vid
18th October 2005, 09:43 PM
Is there any application that you can use to see if anyone else is tapping into your wireless?

mjankor
18th October 2005, 09:46 PM
Yes.

http://www.versiontracker.com/dyn/moreinfo/macosx/10776

This may do what you're after.

Luren
18th October 2005, 11:48 PM
Originally posted by vid@Oct 18 2005, 09:43 PM
Is there any application that you can use to see if anyone else is tapping into your wireless?

Have a play with MyNet (http://www.adbas.net/software/MyNet.dmg), it will give you information about your network and the number of hosts connected to it.

The utility application WhatRoute (http://crash.ihug.co.nz/~bryanc/whatroute-1.8.14.dmg.gz) is very usefull, it has an IP address scan function as well.

B)

vid
18th October 2005, 11:52 PM
Thanks for your suggestions guys I'll give them a go.

Vid

DJY
19th October 2005, 12:16 AM
To see who is on your wireless network...
couldn't you just use SysStat?

and there under network interfaces lists all in the internal IP addresses?
It would list wired network interfaces there also I'd guess (I only have the PB).

It also has external IP address and a wealth of other very handy information.

saaaahm
19th October 2005, 02:33 PM
Originally posted by Johnny Appleseed@Aug 8 2005, 07:52 PM
That said, it's amazing how many people don't bother/know to password-protect their wireless network.
Haha, like the telstra shop next to my work, after work i go and sit out the front and use their wireless network to access the internet B) i think if people are stupid enough to leave their wireless network unsecured then i might as well take advantage of that, that being said i dont secure my wireless network either.

Kallikak
19th October 2005, 02:54 PM
We bought our new laptop (our first wireless enabled machine) and a Netgear wireless router at about the same time. I set them both up and like magic - we were connected and everything worked fine. But it turns out we'd connected to a wireless network from about 5 houses down the street! It was the same router and all, so I only noticed when I started to change things on ours. :)

It was *completely* insecure - no encryption, no MAC filtering, still the default admin password on the router!