There are many layers to securing your Apple products as well as many techniques. From simple best practices when setting up user accounts, to creating secure disk images for your most private data, to setting up some boundaries for your family’s home computing use. But even if your device security may be solid, your wireless network may not be. There are some key features of Apple’s AirPort networking technology that, if used properly, can provide ample security for most households.
Apply Software and Firmware Updates
While many check for iOS releases and Mac OS X updates, it is a little less common to remember to update your AirPort products. In addition to the security updates that you get with OSX and iOS releases, there are actually two additional components that you need to track of, the AirPort Utility application, and your AirPort products’ firmware. To determine if your AirPort devices are all up to date, launch the AirPort Utility and select “Check for Updates…” from the AirPort Utility menu.
Setting Up Your Wireless Network
There are five basic things to keep in mind when setting up your wireless network. Once a device is on the network, these settings will not make any devices themselves secure from an attack. These particular settings will just make it a little harder for rogue devices to find and connect to your wireless network. To access these settings, launch the AirPort Utility, select your AirPort device from the left and click on “Manual Setup.”
- Disable WAN Setup — This feature of AirPort allows one to configure their network from the internet. By disabling this feature, you will be limited to applying updates from inside your network. This setting is located on the AirPort configurations under Time Capsule or Base Sation (depending on which product you are configuring):
- Set a Hidden Network Name — While many network client access software packages seem to do a pretty good job of locating hidden networks, it is still a good idea not to broadcast your networks name. This setting can be found under the AirPort configurations under Wireless, by clicking on the Wireless Network Options button:
- Use WPA2 Encryption — Wi-Fi Protected Access II (WPA2) is now mandatory on all Wi-Fi devices. It is based on the IEEE 802.11i standard which includes “government-grade” data encryption. It’s much more effective than either WEP or WPA protection. This setting is located on the AirPort configurations under Wireless:
- Choose a Strong Password — Apple provides a password assistant to help you establish a strong password for your network. Be sure to use a mixture of uppercase, lowercase, numbers and characters when choosing your password. It is also a good idea to use at least twenty characters. When setting your WPA2 security settings, click on the Key icon to display a password helper:
- Establish MAC Address Filter — This configuration when used properly can be thought of as a managed list of exactly which devices will be permitted on the wireless network. If your device’s MAC address is not on the list, it will not be alb e to joint the network. This is only manageable when working with a finite number of devices on a network that has the same users day in and day out, which is often the case in a home. This setting is located on the AirPort configurations under Wireless. Click on the “plus” sign to add a new device. See the next section for advice on finding your device’s MAC address.
Determining your MAC Address
A Media Access Control (MAC) address is a series of six groups of two hexadecimal digits separated by a colon. On a Mac, you MAC address can be found by clicking on the Apple in the upper left corner of your menu and selecting “About This Mac.” From there, click on the “More Info…” button and navigate to the “AirPort” section under “Networking.” Be sure that your AirPort is turned on in order to see the settings. On your iOS device, launch the Settings App and navigate to “General” then select “About.” Here you will be able to locate the Wi-Fi address.
Securing Your Devices
This gets a little more complex as it depends on how functional you want your devices to be on your local network. As soon as you start sharing printers, files, and screens, you open up each device a little more and make it less secure. Enabling Bonjour services, allowing remote login, and configuring services like Back to My Mac over the internet also compromise security. If you want maximum protection, the only option is to disable all of those services, block all incoming connections, turn on your firewall and enable stealth mode. For most users, of course, this is probably overkill, so pick and choose these options based on how you use your network.
With all of the new Apple products and other connected devices available, it is quite a hassle to register each devices MAC address as well as configure your hidden network settings with a strong password. But once set up and configured properly, you will have about as secure a network as is possible for consumer-based, off-the-shelf wireless security.