How to secure your airport base station

By Ian Sidle

First, if you haven’t configured your base station at all, then you should find the airport software.

In os x, its kept in Applications:Utilities:Airport Admin Utility .
In os 9.1 , its kept in Applications (Mac OS 9) : Apple Extras : Airport
In os <9.1 then its in the same path, just no mac os 9 in applications.

If you don’t have the airport software installed (which is unlikely for all airport compatible mac’s came with the software on the hard disk) then install it with the cd that came with the station.

The screen shots are made from os x. Presumably the utility for os 9 is identical (or quite similar) but I have yet to try it in 9 (yet). Its in a (semi) interactive fashion.




Here is what all of the (security) buttons do




Access control

In here, you punch in the “Airport ID”. This is also called the hardware address and the mac address. Each airport and ethernet card is giving one, and it is unique to the card. This ensures. The address is labeled physically on the side of the card and also can be found inside “Apple System Profiler” (under network overview). It 6 pairs of two numbers separated by a semicolon or a period. For example, “ 12:34:56:78:91:12 “. This will ensure that ONLY your machines will be able to use the base stations. Other wireless devices will see its there, but won’t be able to connect .This can be used without encryption, although if your going this far you might as well use encryption anyway. The guard dog prevents you from getting to the door.

Enable encryption (using WEP)

This sets the encryption “key” which is used while communicating with the base station. On your airport “client” you must punch in the password (key) for it to work. Although a good thing is you can save it to your key chain so you won’t have to repenter it. The door requires a key in order to open.

Create a closed network

This prevents it from automatically showing up under the available base stations. This adds a little bit of security on making it “invisible” and not obvious of its presence. In order to communicated with the base station, you must manually enter in the name and the password, by selecting other. The door is behind a 10 foot wall.

Conclusion

There are various combinations you can setup the security. If your at home (and savvy enough) you can enable all the security If your at home, its probably just you (and a family member or two) so there is no reason not to enable the security. If your at a school or some other place that is giving public access, then things should just be let be. You could encrypt traffic but would just add more headaches. Don’t even start with manual hardware addresses.

If you are a business - well you have two choices. The first is you shouldn’t really have wireless there in the first place. There is “good enough” security for wireless (with everything on) but there has been some theory’s on how to get around it. For an house, I wouldn’t worry too much for your not a target. A biz is because someone might want to get confidential files or break into a server or worse. Its the same as if you were plugged in on the inside of the building except you can do it in the parking lot! If there MUST be wireless access, then I would turn on all the security settings (and preferably run a mandatory vpn), keep an eye out on who’s using it and change the WEP key every once in a while
Even if your at home, you should have SOME security turned on. The default settings have none what-so-ever. It would be like leaving your door open at night. With these security measures, you can make sure the door is locked tight.

This page is copywrite ©2001 Ian Sidle.All rights are property of their proper owners.