|
|
why didn't i do this before....
|
|
|
|
Senior User
Join Date: Mar 1999
Location: Uniontown, OH
Status:
Offline
|
|
i'm typing on my ibook with the airport card and netgear router i got for christmas. this is so cool....i can't believe i waited this long to go wireless. now to learn more about wireless networking.......
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
Status:
Offline
|
|
There are some security precaution I would recommend for you (if available on your particular router):
1) Change the default IP scheme from 192.168.0.0/24 or 192.169.1.0/24 to a different RFC1918 address range (any 10.x.x.x, 172.16.x.x-172.31.x.x, or any other 192.168.x.x range. Keep the subnet mask of 255.255.255.0 the same). Since 99% of the home networks out there use either .0 or .1 for their networks, it helps to obscure your address and (marginally) protect against spoofing attacks.
2) Change the Wireless Network Name (or SSID) from whatever NetGears default is to something else (like "ChitoWorld")
3) Set the Wireless Network Name (or SSID) to non-broadcast so your neighbors can't see your network when they turn on their wireless gear. You will have to hardcode it in AirPort but helps keeps others out.
4) Define a WEP key and change it every 30 days at a minimum.
5) If your router allows it, use MAC address filtering. This will only allow Wireless Cards that are registered with the router to associate with it. To find your MAC address, open a terminal window, and type ifconfig -a. Usually the AirPort card is en1. The MAC address is after the word ether.
Example:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULT ICAST> mtu 1500
inet 10.104.0.103 netmask 0xffffff00 broadcast 10.104.0.255
ether 00:30:65:12:34:56
media: autoselect status: active
supported media: autoselect
Why do I recommend all these settings? Because I live in an apartment building and can jump on a neighbors network that is fully open, no WEP and use "Linksys" as the SSID. Once they are on your network, they have full access to everything on your systems, the same as if they walked into your house and plugged an Ethernet cable into your hub/switch.
(
Last edited by siegzdad; Dec 31, 2003 at 01:37 PM.
)
|
iMac therefor iAm
|
|
|
|
|
|
|
|
Senior User
Join Date: Mar 1999
Location: Uniontown, OH
Status:
Offline
|
|
Thank YOU! I also live in an apartment building. Now I can't wait to get home so I can start getting some of this done. Thanks again. I've counted on these forums many times in the past, and again I'm not disappointed.
|
|
|
|
|
|
|
|
|
Dedicated MacNNer
Join Date: Feb 2001
Location: a mile high, strapped to an oxygen tank
Status:
Offline
|
|
Thanks, glad it will help. The thing to remember with wireless is that it is VERY convienient, but VERY insecure. There is no such thing as a totaly secured wireless network, even with advanced technologies like 802.1x, LEAP, per-session WEP, etc.
The five steps I outlined above are pretty much the best you can do for a home network though.
And remember to change those WEP keys every month!
|
iMac therefor iAm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|