# Wireless Protection



## Backburner (May 16, 2006)

Hi,
I hope someone can help me with this, it is driving me crazy.
We have two iMacs G5 they were using the internet wirelessly via a protected network. I paid a guy a fair amount of money to come and set it up, because we are in an apartment area and it is easy for someone to use our network connection.
Recently we changed ISP and I had to change the router plus reset it. 
Now the network we had has gone, both computers connect to the net via something called wlan-ap. This is not protected, and I can't seem to change it ,I know it is open because a friend brought his laptop around and checked, there are several networks visible, all are protected except the one called wlan-ap and he logged onto the net using it with no problems. 
Is there any way I can set up protection for our network without calling in someone, again?
The router is a billion myGuard 7202G

Any help would be very much appreciated.


----------



## V0lt (Sep 14, 2002)

It's fairly easy to restore the connection you had before.

The easiest way I can think of to do it would be to connect the router to one of the macs via ethernet (category 5 cable), and refer to the instruction manual for the router as to how to configure it through safari or whatever you use to browse the internet- it'll be a number, specifically an IP address, that you'll type into the browser. Once you get in, there should be a section in the configuration page for wireless security. There you can set a new passphrase. I would recommend WPA-SK over WEP, it's much more secure. Afterwards you'll need to reconnect via wireless on the two g5 machines and configure the connection with the passphrase you used on the router.

Oh, and one last thing- if you wanted to change the name that shows up for your router (the one you get when the computer scans for wireless networks), it would be under 'ssid' in the configuration.

Good luck, post back with your progress.


----------



## drunkenmidget (Jul 19, 2006)

And if you're using Macs, you can't beat the ease of use of the Airport Extreme Base Station. I use one to network a 12" PB, 15" MBP, and an HP laptop. You set all of the security options via the built-in Airport Admin utility and create a MAC address access list (one of the best things you can do for security).

Just a thought if you don't mind spending $200...


----------



## V0lt (Sep 14, 2002)

You can make a MAC address filtering list on almost any router. Disabling ssid broadcasting helps too.


----------



## shuuhen (Sep 4, 2004)

The MAC address is actually just a hex number that can be read from transmittion and put in place of one's own MAC address.

Disabling SSID broadcasting doesn't help much either. It only hides one of 4 ways that the SSID is broadcast. You still have probe requests, probe responses, association requests and re-association requests.

Just make sure you're using good encryption. If you can, go with WPA. WEP is ok, but only if you can't go with WPA.


----------



## V0lt (Sep 14, 2002)

Of course, the MAC can be spoofed rather easily, but honestly I don't think it much matters. It'll be the first line of defense against people stealing your broadband, and it'll keep a lot of people away from the start. 

Best configuration is ssid hide, mac filtering combined with WPA-SK and configuration via wireless disabled.


----------



## shuuhen (Sep 4, 2004)

I used to have a similar configuration, but MAC address filtering doesn't give you any return for the extra administration involved. If someone has the ability to crack WEP or WPA encryption, they shouldn't have any trouble with MAC address filtering or finding the SSID. Also, if someone can't get around MAC address filtering or finding the SSID with broadcast disabled, I doubt they can get past WEP or WPA.

I think our networking guru has a link to an article somewhere...


----------



## V0lt (Sep 14, 2002)

Oh well, in my opinion I'd rather be invisible to the unelite. Maybe administration for you is more involved, but all that it takes for me is to type in the id in my client machines.


----------



## Backburner (May 16, 2006)

Thanks everyone for the input. It took me a fair while but I finaly sorted it out, and learned a lot at the same time.
I connected to the router with ethernet cable and, downloaded the pdf manual for the router and also the firmware (not sure if I needed to ). Once I knew that I could always get into the router with the cable I had a lot more confidence to go ahead and try different stuff.
I think what I have set up now is as good as I can do for a home network. I have MAC filtering on with the default setting on wireless to drop anything trying to get on that isn't in my list. I also have WPA set up with a strong password. It seems to work OK, if I remove a MAC address from the list, that computer cannot get into the network even though it has the password, and the other way around, if I try to get into the network with the wrong password I can't, even though the MAC address is in the router. 
One other thing I would like to do is to hide the actual network, can anyone give me a clue on this?
Thanks again for the input.


----------



## V0lt (Sep 14, 2002)

The ssid? Disabling ssid will make your network invisible to most, but not all. Look for a setting in the router that says something like "disable ssid broadcasting", and enable that option. You'll need to put the ssid into your client machines manually in order for them to be able to connect to the access point.


----------



## shuuhen (Sep 4, 2004)

On my router, I go to 'Channel and SSID' under the Wireless section on the menu. Then I just uncheck a box for 'Broadcast SSID'.


Fox, with my setup I just have to tell the computer the details of the encryption. If I turned off SSID broadcasting, enabled MAC address filtering, disabled DHCP, I would have a lot of settings to deal with. With a minimum of two operating systems per computer and having guest occasionally, I would have to add each computer to the MAC address list, look at what IP adresses are free and give a free one two each computer, enable encryption on each computer and tell them what the SSID is.

As far as the 'unelite', I don't really care if they can see me, since one who is not elite can't do anything to my network.


----------

