2 Replies Latest reply: Dec 27, 2012 2:55 AM by AppleMacCider
AppleMacCider Level 1 (0 points)

Hi All

I have recently had my credit card cloned and want to set up a more secure wired and wireless network.  I currently have my AEBS wired directly to the BT Openreach modem (BT are my internet provider).  The AEBS is used for wired connections to my Mac Pro and the family PC.  We have various other iDevices and PS3s in the house which all use the wireless network.  I also only allow known IP addresses to use the wireless network to improve security and to set my son's friends logging in to the wireless network.

Talking to a friend recently, he suggested having two separate networks - one wired (Mac Pro) and a wireless network for PC and all other wireless devices using two routers and a subnet.

Is this possible and how do I set it up?  The most important features for me will be to make it as secure as possible to use my credit card online as well as online banking.  To only allow authorised wireless devices onto my wireless network and to also monitor the content on my son's iDevices and block any harmful sites or adverts within other websites.

Any advice or help will be greatly appreciated.

Many thanks

Matt


Mac Pro, OS X Mountain Lion (10.8.2)
  • BigBopper Level 1 (120 points)

    Apple has some good support material on setting up secure networks. Start with http://support.apple.com/kb/VI25 and http://manuals.info.apple.com/en_US/airport_extreme_5th_gen_setup.pdf

    I wouldn't bother with putting the wireless devices on a separate network. If you really isolated them, you wouldn't be able to share anything between the wireless devices and wired machines. That is unlikely to be the source of the problem anyway.

    Make sure that you select the more advanced security options. The guides above will help you. Change all default passwords. If you really want to lock down the wireless network, limit access to specific MAC addresses. Maybe that is what you meant by IP addresses.

    The real concerns are about how you use your credit card and bank account information as well as general computer hygiene.

    Never click on a link in an e-mail message and then provide sensitive information. Give your credit card numbers only to companies that you trust and only using web site URLs that you enter yourself. Banks and credit card companies normally don't send emails asking you to sign in. Often, those kinds of emails are really phishing attempts that take you to fraudulent sites that mimic the look of the real ones.

    Make sure that you are always using HTTPS when you provide sensitive information on the web.

    Don't store credit card numbers on your computers unless they are encrypted. I use 1Password for this.

    Don't share computer login accounts. Make a different one for each person in your household.  And have a separate account for computer administration. Turn off admin privileges on the normal user accounts.

    Never install software unless it is from a reliable source. Since you are running Mountain Lion, do not turn off or bypass the security that blocks software installation from untrusted sources.

    Don't allow your kids or guests to install any software. "Free" games are a way that malicious software gets installed.

    BTW - I don't think you mean to say that your credit card was "cloned." Doing that would require physical access to the card to copy the mag strip data. And I hope that you have reported the fraudulent charges to the credit card company and requested a new card with a new account number.

  • AppleMacCider Level 1 (0 points)

    Thanks BigBopper for taking the time to reply with so much information.

    Thankfully my Bank alerted me to the fraud as soon as it happened, and only agreed the initial payment of less than £1.  After two other large US Dollar transactions were requested for payment but declined by them as inconsistent with my usual spending or country of residence, they blocked the card.  As they are leaders in this technology, I am happy to still use my credit card online.

    As I work with security all day long, I have already done many of the things you listed, but it's good to see someone remind me so I know I am doing the right thing and not just completely paranoid.  I think as we all get older, we become more cynical of certain things and IT Security is one for me.  As a result, you try and lock down everything. The card was used in the US, so I believe they don't use Chip and Pin as we do in the UK so I do now feel the card was cloned in the UK using a card terminal where I had purchased something in person.

    I only buy from well known websites, or ones recommended by family and friends only.  If I don't know the site, I look for a trusted review type website for feedback first.  Most of my software is downloaded from the App Store anyway.  Firewall settings are to the max.  I have designed websites before so have a good idea when you see a page whether it looks like it could be a fake page.  My sons and wife only use the guest log-in so are limited to what they can do, and my log in is password protected.  They mainly use the Family PC as I use my Mac for work and video editing.

    If I don't know the person or company the email is from it gets deleted.  Most spam or rubbish email is deleted on my friend's server where my email is hosted.  I would never open any of the emails offering free items, drugs and medicines, discounted iPads etc. anyway.  Mail has a trusted list of email addresses and everything else gets trashed.  I do check this from time to time just to check I haven't missed anything.

    My Airport Extreme is already set up for specific MAC addresses for various iDevices around the house and for family and friends when they want to use their devices when over at our house.  There are time settings during the day so children can't use them out of hours.

    Is it worth changing the wireless network password regularly if someone could maybe read the information from packets transmitted from my AEBS?

    Thanks again for your help

    Matt