Comments on: stop stealing my wireless!

Question: stop stealing my wireless!

bash — Sat, 03 Feb 2007 13:19:18 -0800

I can't figure out how to get people to stop stealing my internet because I am computer-stupid.

I have a mac and my husband has a mac, and we have wireless internet, and I can't for the life of me figure out how to password protect my internet so that all my neighbors will stop stealing it. My network is listed as "default," and none of the software that came with my modem or router will work on my computer. I looked through askmefi, but couldn't find the answer. Help me.

By: cschneid

cschneid — Sat, 03 Feb 2007 13:22:46 -0800

Depending on the router you have, the control panel for it will be at a certain ip address.

Try typing in http://192.168.1.1 or http://192.168.0.1

If you get a password dialog, the username password pair is some combination of:
admin/admin
admin/password
admin/

Once you get into the config page, what you want to enable is 'WEP' (or WPA if you have it), and then give it a password that matches what it needs. Also, to change from default to something else, you need to change the setting 'SSID'.

Most routers have lots of help pages on the config screens to tell you what the options mean, you don't need 90% of the options. Good luck finding what you need.

By: chota

chota — Sat, 03 Feb 2007 13:25:48 -0800

Of course, to make the mac "just work" requires the mac base station. Then you'd be able to use the that nifty "Airport Admin" utility in your Applications folder.

By: phaedon

phaedon — Sat, 03 Feb 2007 13:34:50 -0800

cschneid is spot on, but since you claim computer-retard status, let me clarify what he's saying.

your router has a control panel that you can access by typing its "local address" using one of the computers hooked up to your "default" wifi signal.

once your in there, go to your security settings and try to set up some kind of protection - in the form of a key or password that will from that point on, be required to log in. so when you select your network, a window will pop up and ask you for the password.

the most problem-free way of doing this might be to use an ethernet cable to connect hardwire to the router to avoid any bullshit. this is because when you apply your new security settings, the wireless signal may drop.

By: chairface

chairface — Sat, 03 Feb 2007 13:36:48 -0800

cschneid is correct. The router's IP address (192.something) is also available in the mac GUI. In the network preferences panel, select "show: airport" from the top menu, then click the tcp/ip button. The router is shown there.

You should probably google on how to secure a wireless network but a brief summary for bare minimum security would be:

Connect to the router via a cable. You'll be changing the wireless settings, so managing it via wireless is not going to work.

Change the SSID to something other than the default it came with.

Change the administrator password on the router.

Enable WPA or WPA2. Pick a non-obvious password. You could use WEP, an older encryption standard, but it is very weak and actually harder to set up than the newer WPA standard.

I also suggest you change the SSID to something essentially random. So don't use your name, your address, or anything that identifies it as yours. Used something like "Grover" or "Moocow". It's a privacy thing.

Once you've set up a new SSID, new admin password, better encryption, and encryption password, you'll need to reattach your macs, which should be pretty straightforward.

If you want to get very serious about security, you can also disable SSID broadcast and use MAC locking, but let's not talk about that till you do the basics.

By: qwip

qwip — Sat, 03 Feb 2007 13:41:19 -0800

Yes, per cschneid's comment, you need to access your settings through your web browser. One thing to note is that a few routers out there don't work perfectly with Safari. So if you are using Safari and it gives you problems, try again with Firefox.

One thing you also should do is to to disable wireless SSID Broadcast (this is the name of your router that you see in the Airport menu list). You'll be required to type it in manually on the Mac to connect the first time you use it, but for all but the most persistent, it will be invisible to your neighbors who are just joining open connections they see being broadcast. Definitely change the name and add a WPA (if you can) or WEP password. If you don't, they'll still be able to connect even if you stop broadcasting the SSID.

Once you get in through the web page, the manual that came with your router should be able to show you what to do to secure it.

By: bash

bash — Sat, 03 Feb 2007 13:45:28 -0800

I'm using firefox. Safari blows. I'm not sure still how to set up the password, but I can get in through that IP address. Does the password go to the internet, or to the wireless connection? shouldn't it be the wireless? I'll give it a go.

By: bash

bash — Sat, 03 Feb 2007 13:47:59 -0800

It works! I feel like a wizard!

By: KimG

KimG — Sat, 03 Feb 2007 13:50:16 -0800

Can you help us with the brand and name of the wireless router? Without that it can be very difficult to help

By: bash

bash — Sat, 03 Feb 2007 13:54:51 -0800

it's a trendnet wireless router. I think it works now. I can't really tell. There's so many places you can put a password.

By: bash

bash — Sat, 03 Feb 2007 13:56:14 -0800

oh wait. It really works. I did an wpa password or something? is there a way to change the name of my network from default to something else? there are several default networks around here. Thanks everyone.

By: bash

bash — Sat, 03 Feb 2007 14:01:07 -0800

I just figured it all out. I would die without askMeFi. Or at least not be able to watch movies online on account of everyone stealing my internet. Thanks smart internet people. God, I LOVE the internet. It's so awesome. Thanks again.

By: concrete

concrete — Sat, 03 Feb 2007 14:01:56 -0800

What brand and model is your router? Knowing that can help us a lot, along the lines of what cschneid has suggested.

By: Rhomboid

Rhomboid — Sat, 03 Feb 2007 14:06:38 -0800

If you want to get very serious about security, you can also disable SSID broadcast and use MAC locking

Aaargh! Stop spreading such nonsense. WPA2 + PSK is all you need, forget the snake oil.

By: chairface

chairface — Sat, 03 Feb 2007 14:11:40 -0800

Thanks for calling me stupid via a link. I appreciate it. Sadly, Ou's article doesn't say how to secure a network. It's just unhelpful criticism that is easy to dish out.

By: Malor

Malor — Sat, 03 Feb 2007 14:16:58 -0800

There's no reason to disable SSID broadcast. There are several ways that your system identifies itself anyway. All disabling SSID broadcast does is remove the network from the initial browse list of remote clients. Any nefarious person can still tell it's there and can still break in if it's insecure.

Never use WEP. It can be broken in under five minutes by an average laptop in a car outside on the street. WPA and WPA2 are much more secure, but be sure to use a good, long password. There are brute-force password attacks starting, and because it's all wireless, you can't see them happening. A long passphrase (twenty or more characters) will make you much more difficult to attack that way, and you only have to type it in one time per computer.

By: Rhomboid

Rhomboid — Sat, 03 Feb 2007 14:41:45 -0800

Sadly, Ou's article doesn't say how to secure a network.

If you read the article at the bottom he provides a link to his Wireless LAN security guide.

By: Rhomboid

Rhomboid — Sat, 03 Feb 2007 14:42:50 -0800

And this one too.

By: Good Brain

Good Brain — Sat, 03 Feb 2007 16:45:17 -0800

Hiding your SSID just makes things more difficult for legitimate users. The only security it provides is blocking casual bandwidth stealers, something much better solved by actually turning on WPA. MAC filtering is just the same.

By: Taken Outtacontext

Taken Outtacontext — Sun, 04 Feb 2007 05:43:54 -0800

By: whatnotever

whatnotever — Sun, 04 Feb 2007 09:06:42 -0800

Taken Outtacontext, the only way I can think that would be true is if your visitors have older hardware that doesn't work with WPA. Some older wireless cards, and specifically their drivers, don't support WPA. I'd guess that anything sold within the past two years or so should support WPA (except some consumer electronics with built-in wifi, like media players and whatnot). That's just a guess, though, and it might be commonly supported in even older equipment, too.

Otherwise, WPA-PSK (WPA using a password) is exactly like WEP: you enter the password once and you're connected. I've put visitors on my WPA-protected network and joined others' networks with no problems.

By: dirigibleman

dirigibleman — Sun, 04 Feb 2007 09:22:03 -0800

When I was talking to Apple tech support when I recently set up a new wireless network with an Airport Express he said that WEP is good if you want people who come over to your house with their computers to be able to access your network. WPA is more appropriate when you don't plan on allowing anyone new into the network.

The only reason I can think he would say that is that WPA is a newer standard, and some cards that are, say, two years old or older might not support it. Otherwise, they both require a password, but WEP is trivially easy to crack. It's like giving your friend a key to your house, but your WEP house has a door that you just jiggle a little to open, while a WPA house has sturdy doors with deadbolts and maybe bars on the windows.

By: Good Brain

Good Brain — Sun, 04 Feb 2007 11:29:22 -0800

Taken Outtacontext, I'd say that in many ways, WPA is more appropriate for an environment where you might want to give access to friends. WEP doesn't define standards for using passwords/phrases as keys, so in many cases, you have to enter a hex code into any new device you want to join the network. WPA lets you use a passphrase, which is usually easier to remember, communicate, and type.

By: Rhomboid

Rhomboid — Sun, 04 Feb 2007 14:15:13 -0800

I think what they were getting at is that in order for WPA to be truly secure, you really have to pick a password that is a long string of truly random characters. Here is an example of a site that can generate such passwords. It's not very practical to tell your visiting friend, "okay the password is "}Xv5bqV%d#hu.p8Gbg1]nOhyzS[(8XzH)4lH|$>V2E>>^(MO-yo{6ZVoVV3u9*" so instead it's common to put it on a floppy or USB thumb drive which can be handed to the person. This is a bit more work, but it's truly easy once you've done it a few times, and it's not that much of a big deal if you want real security. Using WEP or using a "regular" WPA password (4 - 8 alphanumeric characters) is not true security.

By: Famous

Famous — Mon, 05 Feb 2007 00:58:32 -0800

It works! I feel like a wizard!

That is the cutest thing I have read on AskMe in a long time.

By: Taken Outtacontext

Taken Outtacontext — Sat, 10 Feb 2007 04:17:46 -0800

It did seem odd to me that he'd say that. Thanks for the info.