Make Your AirPort Basestation Invisible
TMO Quick Tip - Make Your AirPort Basestation Invisible
by , 7:30 AM EDT, October 2nd, 2006
The only way to be one hundred percent sure that no one can hack into your network's wireless access point, or basestation, is to pull out the power cord. Since that isn't really practical, there are some other things you can do to keep unwanted people out of your wireless network.
The obvious security measure is to add a password to your Basestation, but you can also make the wireless part of your network invisible to most bad guys. If you are using an Apple AirPort Basestation, here's what you do:
- Launch AirPort Admin Utility. It's in Applications/Utilities/AirPort Admin Utility.
- Select your Basestation.
- Click Configure.
- Click the AirPort tab.
- Check Create a closed network.
- You'll get a warning that says your network won't appear in any computer's network list. Since that's exactly what we're going for, click OK.
- Click Update.
 AirPort's closed network option hides your basestation from most everyone. |
|---|
 Apple wants to make sure you know your basestation will become invisible. |
|---|
Most wireless access points have an option to hide them just like Apple's AirPort Basestation. The instructions that came with your access point should show how to enable this feature.
To connect to a closed AirPort network, do this:
- Choose Other from the AirPort menu icon.
- Enter the name of the network you are joining in the Network Name field.
- Choose the Basestation's password type from the Wireless Security pop-up menu.
- Enter the Basestation's network password in the Password field.
- Click OK.
 Choose Other from the Airport menu to join hidden networks. |
|---|
 Enter the name of the hidden network you want to join. |
|---|
Remember, there is no sure fire way to ensure that no one can ever gain access to your private network without your permission. But the more you do to protect your network, chances that some one will hack in are much lower.
if you have ideas for Mac related tips that you think other TMO readers might find helpful.
Observer Comments
jbruni that was a horrible analogy. I think this would be more akin to making your house completely invisible. Hiding the SSID is going to stop casual "hackers" and thats like 99% of the people who would try to hop on your network.
Guest, thats the whole point. If others do not know the network is there then they will not try to break into it.
as a casual hacker (NOT cracker, mind you - there's flippin' difference) ... the analogy wasn't that offbase. With even basic features of a net sniffer, you can see invisible networks plain as day. all you have to do is start the application.
not. really. hard.
a more thorough way to prevent users would be to limit the access to the node to only the ids of the computers meant to use it.
LOL. Sorry I didn't realize you had a "casual hacker" membership card. Thank you for disproving me with your scientific sampling of wifi h@x0r5. Way to differentiate hacker and cracker. That's like way l33t and stuff.
My point was mainly that disabling your SSID will make your network more secure in that there will be a smaller proportion of individuals that will be aware of the network and thus try to get on it. How much more secure? No idea. But however small, it is MORE secure. Which makes jbruni wrong.
I know you are just trying to amaze me with your awesome knowledge of networking and teach me that it won't make THAT much of a difference. I get that. Why do computer amateurs always feel the need to flaunt their limited knowledge? Well anyhow were you referring MAC address filtering? That is also good, but lets not forget that you can just run an application to get around that too... and crack WEP encryption...
Tue Oct 03, 2006 2:36 pm Subject:
I am no hacker or anything (my neighbors do call me a cracker but that's cause I'm white, nothing to do with computers at all), and have never had one person successfully get on my network. I have had people try to get on my network but my logs have never shown them to be successful.
There are 4 other wireless networks set up in my building, and I am the only one with full security (I've tried them all out). I figured since there is 4 other less secure networks in my area I am in the low risk category. 2 of the other networks use WEP passwords and one uses a WPA personal password, and one has no security at all.
DrShakagee has the right sense of this. A closed network or hidden SSID does not make you invisible enough. Its only purpose is to hide your network from the most basic level of cracker, like a wireless newbie who knows just enough to look around the neighborhood but hasn't learned about closed networks yet.
Once you use WPA with a good password, none of these other methods (MAC filtering, IP restrictions, closed network) are worth much. They are worth something if you are using WEP, which can easily broken, so you might want additional security layers. But if someone has the mad skillz to get through WPA, none of the other techniques will stop them at all. They'll just sniff and spoof.
Here's an anecdote. Recently I helped a computer-newbie neighbor set up her Windows laptop. I put it on her own wireless network. There's an Intel utility that came with her laptop and it's integrated with the Intel wireless chipset in her PC laptop. I was surprised to see my own "hidden" network in the list of available networks shown by the Intel wireless utility. I wasn't too concerned because I do use WPA.
So that's the story, it used to be that a closed network would have been visible only to someone who knew they needed to download a specialized stumbler to see invisible networks. Now you don't need a specialized stumbler, because more regular utilities see closed networks anyway.
A better analogy: Closing your network is like moving your loaded Mac Pro tower away from the living room window. While a thief casing the neighborhood can assume that all the houses in the neighborhood probably have similarly expensive stuff in them, the difference is that yours isn't advertised in public view.
Tue Oct 03, 2006 10:41 pm Subject: Re: It helps, but not much
QuoteAnonymous wrote:
Once you use WPA with a good password, none of these other methods (MAC filtering, IP restrictions, closed network) are worth much. They are worth something if you are using WEP, which can easily broken, so you might want additional security layers. But if someone has the mad skillz to get through WPA, none of the other techniques will stop them at all. They'll just sniff and spoof.
Exactly. Securing your network with WPA is definitely the way to go whenever possible. The other methods are not entirely worthless, but they are so easily broken that they will stop only the most casual intrusion attempts. WEP or a hidden SSID are easily circumvented using free software that anyone can find on MacUpdate, VersionTracker, or other common software directories. And don't forget to use a decent password. All the encryption in the world won't save you if the password to unlock it is your dog's name, or some random word chosen from the dictionary.
Of course, securing your network only protects the first hop your data makes away from your computer. Once it's out on the "real" Internet, all bets are off. No matter how your network is set up you should also use encryption whenever possible for any data your transmit (SSL for the connection to your mail server and anyplace you enter personal or financial information, GPG for the contents of your mail if you're sending sensitive information, and SSH (instead of Telnet) if you ever remotely access your computer). That way your data is protected all the way between you and its final destination.
Comments are currently closed. Please email the author instead.
Recent Headlines - Updated July 6th
- Mon, 5:28 PM
- Arlington Police Release Video of Apple Store Shooter
- 4:40 PM
- Deal Brothers - Apple Mac Pro 2.66GHz Intel Xeon Quad Core for $2,274.00 Delivered A/R
- 4:12 PM
- Product News - Babylon Upgrade Adds New Translation Features to Mac Dictionary App
- 11:17 AM
- Ted Landau's User Friendly View - Apple’s LED Cinema Display: A Too Short Story
- 11:11 AM
- Product News - Photo Recovery for Mac Adds Photoshop Support
- 10:39 AM
- Hot Forum Topic - iPhones in Education
- 8:47 AM
- News - Apple Employee Injured in Store Shooting
- Fri, 10:29 AM
- News - Apple Warns of Learning Interchange Security Breach
- 7:30 AM
- News - Happy Fourth of July!
- Thu, 6:07 PM
- TMO Scoop - Psystar Moves to Drop Bankruptcy Ahead of Apple Legal Battle
- 5:37 PM
- News - Uncomfirmed Reports Say Apple & Nvidia On The Outs
- 4:57 PM
- News - Microsoft Sick Over Barf Ad
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
Other World Computing: Big Deals on Big LCDs: 23" 'TrueHD' up to 2048x1152 + USB2 Hub & WebCam $279.99. Specials on 20" to 30" from $167.99. Freight from only $3.95! 
If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!
RamJet Memory: MacBook and MacBook Pro 4GB kits for $57.99! Mac Pro 4GB Kits $99.99! iMac and Mac mini 4GB Kits for $57.99! 1TB SATA Hard Drives for $109.99! Click hereFor the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
