WEP, MAC Filtering,and Closed Networks
If you really want to lock down your network at the access point, you
have the following tools at your disposal:
WEP
encryption, filtering on MAC address (the radio
card's serial number), and running a closed network.
The three services are completely separate, so you
don't necessarily have to run MAC filtering
and a closed network, for example. Combining all
of these features may not make your network completely safe from a
determined miscreant, but will discourage the vast majority of
would-be network hijackers.
To set the WEP keys, click the Wireless LAN Settings
tab, and enter the keys in the fields provided. Also check
Use encryption and uncheck Allow
unencrypted data to require WEP on your network. Give a
copy of this key to each of your wireless clients.
With MAC
filtering enabled, the AirPort keeps an internal table of MAC
addresses that are permitted to use the AirPort. Click the
Access Control tab, and enter in as many MAC
addresses as you like. Only radios using one of the MACs listed here
will be allowed to associate with the AirPort. The MAC address of a
radio card should be printed on the back of it (a MAC address
consists of six hex numbers in the form
12:34:56:ab:cd:ef).
A closed
network makes the AirPort refuse connections from radios that
don't explicitly set the ESSID, i.e., clients with a
blank ESSID, or one set to ANY. To make your
network closed, check the Closed network box
under Wireless LAN Settings.
Remember that without encryption, all traffic is sent in the clear,
so anyone within range could potentially read and reuse sensitive
information (such as ESSIDs and valid MAC addresses). Even with WEP,
every other legitimate user can see this traffic. If you need to
restrict access to a user later, you'll need to
change the WEP key on every wireless client. But for small groups of
trusted users, using these access control methods should discourage
all but the most determined black hat without too much hassle.
Sections
Syndication
