Security
Authored by: eno on Oct 25, '02 12:33:26PM

With 10.2 Apple re-introduced the software base station feature back into the OS. Surely this has some kind of protection built in... doesn't it? Can't find any docs on it though... and until I do I am not going to get a pair of AirPort cards for my laptop and desktop combo.



Security
Authored by: barrysharp on Oct 25, '02 05:39:44PM

1) Use an Airport network password

2) Don't broadcast your Station ID so that others can't join your network

3) Config to allow only YOUR networked machine's MAC addresses

I don't know how one can see who's on your Airport network -- anyone know what tools are out there for this -- i.e. just like knowing who's logged into your machine via the 'who' terminal command.

I also don't know how you would stop a smart person from being able to 'sniff' the network. Encryption isn't necessarily safe from a smart person.

IMO I doubt if many home users have really secure data moving across home Airport networks -- so all of this network security stuff is of no real importance.

Regards... Barry Sharp
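
On the question above of seeing who is on the network: an added example (not part of the original post) that parses BSD-style `arp -a` output and reports hosts whose MAC address is not on a known list. The sample output, the `en1` interface, the addresses and the function names are constructed for illustration; the ARP cache only shows hosts this machine has recently talked to, and since MAC addresses can be changed this is an inventory check rather than access control.

```python
import re

# Constructed sample of BSD/Mac OS X style `arp -a` output (not from a real network).
# BSD arp drops leading zeros in each octet, so 00:03:93 prints as 0:3:93.
SAMPLE_ARP_OUTPUT = """\
? (192.168.2.1) at 0:30:65:1a:2b:3c on en1 [ethernet]
? (192.168.2.2) at 0:3:93:aa:bb:c on en1 [ethernet]
? (192.168.2.7) at 0:2:2d:4:5:6 on en1 [ethernet]
? (192.168.2.9) at (incomplete) on en1 [ethernet]
? (10.0.0.5) at 0:a:95:1:2:3 on en0 [ethernet]
"""

# Constructed allow-list, written the way people usually copy MACs from labels.
KNOWN_MACS = {"00:30:65:1A:2B:3C", "00-03-93-AA-BB-0C"}

ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>[0-9A-Fa-f:]+) on (?P<iface>\S+)"
)

def normalize_mac(mac):
    """Return a MAC as six zero-padded lowercase octets joined by ':'."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(re.fullmatch(r"[0-9A-Fa-f]{1,2}", p) for p in parts):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_arp(text, iface=None):
    """Map IP -> normalized MAC for resolved entries, optionally for one interface."""
    hosts = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if not m or (iface and m.group("iface") != iface):
            continue  # unresolved "(incomplete)" entries never match the pattern
        try:
            hosts[m.group("ip")] = normalize_mac(m.group("mac"))
        except ValueError:
            continue  # skip malformed hardware addresses
    return hosts

def unknown_hosts(text, known_macs, iface=None):
    """Return sorted (ip, mac) pairs whose MAC is not on the allow-list."""
    known = {normalize_mac(m) for m in known_macs}
    return sorted((ip, mac) for ip, mac in parse_arp(text, iface).items()
                  if mac not in known)

if __name__ == "__main__":
    for ip, mac in unknown_hosts(SAMPLE_ARP_OUTPUT, KNOWN_MACS, iface="en1"):
        print("unrecognized host on en1: %s (%s)" % (ip, mac))
```

To check a live machine, feed it the text printed by `arp -a` in Terminal instead of the sample.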



Security
Authored by: Morgoth on Oct 28, '02 12:02:42AM

I actually went cheap and decided to use my G4 as the base station. This is very easy to achieve: just get an Airport Card and set up sharing in System Preferences->Sharing->Internet. Unfortunately, it is equally easy for anyone in range of my signal to obtain a connection (any 802.11b WiFi device that can be configured using DHCP can get it).

Some notes of joy about Airport networks and Jaguar:
- Internet Sharing allows you to choose the sharing interface and create named networks with encryption
- USB printers are easily shared and automatically appear on connected computers
- Connected Jaguar computers can sub-share the connection providing a mesh network (very useful for offices with sparse layouts)

Some not-so-joyful notes:
- Apple really needs to enhance the Firewall configuration GUI. It only allows port blocking when MAC and IP based connection limiting are also extremely important.
- connected computers can only print to shared USB printers with default options
- Signal is generally weak and cannot pass through chimneys
- Actual bandwidth is nowhere near 11Mbits even without encryption (with Wallstreet Powerbook directly beside G4 I was only getting ~100KBytes/s over AFP)



Security
Authored by: Jaharmi on Oct 26, '02 08:50:42AM

Overall, the whole firewall-NAT situation seems to have changed in Jaguar. For example, the Internet Sharing feature seems to start a process called "InternetSharing":

/usr/libexec/InternetSharing

InternetSharing seems to be able to start the AirPort software base station up in "infrastructure mode" rather than "ad hoc mode." This is an interesting difference ... with "ad hoc mode," you have a computer-to-computer network. With "infrastructure mode" you have what amounts to a "real" wireless access point.

You could regain some security by configuring the OS X DHCP server (which I assume InternetSharing is helping to start/configure) to only allow certain MAC addresses. Every Ethernet and wireless card has a MAC address, and although many let you modify those addresses nowadays, it's at least one more form of security. Used in conjunction with other security measures, it can be more effective. I don't know how to configure it to do this yet.

To encrypt traffic, you can either turn on WEP, or you can use VPN. There are some tutorials over at AFP548.com that I want to try; they tell you how to operate a PPTP server or IPSec tunnel from Mac to Mac. With VPN, particularly IPSec, all of your traffic is transparently encrypted behind the scenes, and more securely (in general) than WEP. Still, that's not necessarily for those who don't want to mess with the Terminal.

It would be cool to see someone come up with a comprehensive GUI for all this, similar to the way Brickhouse was evolving for 10.1.
