MacPro as a secure WAP using in-built Airport Extreme

Question

MacPro as a secure WAP using in-built Airport Extreme

I have 4 Airport Express units all providing secure wireless access throughout my home (access for iPad and MacBooks). I have a new Mac Pro complete with the Airport Extreme functionality. I'd like to configure the Mac Pro as an additional secure wireless access point, but cannot find the right application with which to set it up. The Airport Utility, with which I manage the 4 Expresses, does not seem to be the right app. Is there another? Network preferences enables the creation of a computer-to-computer wireless network, but I have yet to find a way to make it secure. What am I missing?

Mac Pro, Mac OS X (10.7.2), 3.2 GHz Quad Xeon w/6 GB RAM; PLUS

Posted on Dec 30, 2011 12:56 PM

Reply

Answer 1

Linc Davis

Level 10

209,739 points

Dec 30, 2011 1:13 PM in response to Brian Williams2

You could use Internet Sharing in the Sharing preference pane to share the MP's Ethernet connection via WiFi, but it's not secure. Only WEP security is supported, which is essentially useless. You must have a very large home if four access points aren't enough.

Reply

Answer 2

Dec 31, 2011 3:59 AM in response to Linc Davis

No, it is a fairly small home. 2 of the Airport Expresses are located to provide optical audio connections to their respective sound systems (one in the living room, the other in my "home theatre," for want of a better term). 3 of the Expresses are of older technology, and I added the 4th (new generation) to see if performance with the iPad improved (can't tell). All AEs are Ethernet connected. It isn't really a point of needing another access point, it is about having the technology (or thinking that I have the technology) sitting there in the box (Mac Pro) and not enabling it. My 4 access points are hidden (no SSID broadcast), lengthy-password protected, and each with a list of MAC addresses that may connect, so they are as secure as can be achieved. I was thinking that the same type of configuration parameters should be available for the Mac Pro, since it is promoted as having Airport Extreme capabilities built-in. Thanks for joining this discussion.

Reply

Answer 3

bobwild

Level 4

1,640 points

Dec 31, 2011 4:26 AM in response to Brian Williams2

I like the way your are using the Airport Expresses for audio. I have an Extreme and two expresses that I use for audio and wifi extension. I just want to comment on your security. I hope your "lengthy-password" is not WEP and hope it is WPA or WPA2.

MAC filtering - does not provide any security from a person that wants to enter your wifi. A hacker can watch your wireless data and look for an authrized MAC make a succesfull connection. Then they copy that MAC address and by pass MAC filtering. From an article on wifi security "MAC filtering is absolutely worthless since it is one of the easiest schemes to attack. The shocking thing is that so many large organizations still waste the time to implement these things. The bottom line is, MAC filtering takes the most effort to manage with zero ROI (return on investment) in terms of security gain."

no SSID broadcast - You are not really hiding your SSID. You're only hiding SSID beaconing on the Access Point. From the same article "There are 4 other mechanisms that also broadcast the SSID over the 2.4 or 5 GHz spectrum. The 4 mechanisms are; probe requests, probe responses, association requests, and re-association requests." You are talking about hiding 1 of 5 SSID broadcast mechanisms. Nothing is hidden from someone who wants to enter your wifi and all you've achieved is making you wifi less user friendly and messed up wifi roaming if you are using it.

WPA is preferred over WEP because a hacker can break the WEP code in a few minutes. WEP is still better than MAC filtering and no SSID broadcast.

On my home wifi I use

- "WPA2 Personal"

- broadcast my SSID for friends and family and they have to ask me for the WPA password.

- no MAC filtering

- change my WPA password several times per year.

Reply

Answer 4

Dec 31, 2011 11:43 AM in response to bobwild

Hello bobwild, Thank you for your contribution to this discussion. It is a very eye-opening description of the weaknesses where I had perceived strengths. You are probably right that the lack of SSID broadcast and MAC filtering would not be an impediment to someone who is intent on breaking in, for whatever reason. It is much like the locks on the doors - they tend to keep out honest people; real criminals will find a way in. I still believe that there is much value, though, to suppressing the SSID broadcast. Even I have found myself in locations where I have taken advantage of an insecure access point because it had presented itself at a time when I wanted internetwork access. Had there been no broadcast, I wouldn't have connected, because I don't have the tools nor the experience to find such networks (nor do I have an inclination to get the tools or experience because I have no need for random access 99.9999% of my time). But, as you point out, it is no barrier to intentful thieves. Again, thanks. I learned a lot. Now, back to my question: how do I enable my new Mac Pro as a secure access point (WPA2 et al)?

Reply