Apple AirPort Networks User Manual

Chapter 3: AirPort Network Designs

Keeping Your Network Secure
Your network is protected by the password you assign to it. However, you can take 
additional steps to help keep your network secure.
Networks managed by Simple Network Management Protocol (SNMP) may be 
vulnerable to denial-of-service attacks. Similarly, if you configure your wireless device 
over the WAN port, it may be possible for unauthorized users to change network 
settings. When remote configuration is enabled, the device’s Bonjour information 
(the device name and IP address) is published over the WAN port. Turning off remote 
configuration may provide additional security.
To help protect your network and wireless device:
1. Open AirPort Utility, select your device, and choose Base Station > Manual Setup, or 
   double-click the device icon to open its configuration in a separate window. Enter the 
   password if necessary.
2. Click the Advanced button, and then click Logging & SNMP.
3. Make sure the “Allow SNMP Access” and “Allow SNMP over WAN” checkboxes are not 
   selected.
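To confirm from another computer on the network that step 3 took effect, the following added example (not part of Apple's manual) sends one SNMPv1 GetRequest for sysDescr.0 and reports whether the device answers. The host address and community string are values you supply; an SNMP agent ignores requests that carry the wrong community string, so use the one that was configured on the device.

```python
import socket
import sys

# BER encoding of OID 1.3.6.1.2.1.1.1.0 (sysDescr.0); 0x2B encodes the leading "1.3".
SYS_DESCR_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])


def tlv(tag, value):
    """BER type-length-value using a short-form length (enough for this probe)."""
    if len(value) > 127:
        raise ValueError("value too long for short-form BER length")
    return bytes([tag, len(value)]) + value


def build_get_request(community, request_id=1):
    """Encode an SNMPv1 GetRequest for sysDescr.0."""
    if not 0 <= request_id <= 127:
        raise ValueError("request_id must fit in one positive byte")
    varbind = tlv(0x30, tlv(0x06, SYS_DESCR_OID) + tlv(0x05, b""))  # OID + NULL value
    pdu = tlv(0xA0,                                   # GetRequest-PDU
              tlv(0x02, bytes([request_id]))          # request-id
              + tlv(0x02, b"\x00")                    # error-status
              + tlv(0x02, b"\x00")                    # error-index
              + tlv(0x30, varbind))                   # variable bindings
    return tlv(0x30, tlv(0x02, b"\x00")               # version 0 = SNMPv1
               + tlv(0x04, community.encode("ascii")) + pdu)


def snmp_answers(host, community, port=161, timeout=2.0, tries=3):
    """Return True if the host sends back anything that looks like an SNMP message."""
    packet = build_get_request(community)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        for _ in range(tries):
            try:
                sock.send(packet)
                reply = sock.recv(4096)
            except OSError:          # timeout or ICMP port unreachable: no agent answered
                continue
            if reply[:1] == b"\x30":  # every SNMP message is a BER SEQUENCE
                return True
    return False


if __name__ == "__main__":
    # Usage: python snmp_check.py <device-ip> <community>   (both supplied by you)
    host, community = sys.argv[1], sys.argv[2]
    if snmp_answers(host, community):
        print("SNMP is still answering: recheck the Logging & SNMP settings")
    else:
        print("No SNMP reply: SNMP access appears to be off")
```

Run it once from the local network and once from a host on the WAN side to check both settings.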
Using Wi-Fi Protected Access
AirPort Extreme supports the WPA and WPA2 security standards for wireless networks. On 
computers using Mac OS X v10.3 or later or Windows XP with Service Pack 2, and with 
802.1X authentication capabilities, WPA security delivers more sophisticated data 
encryption than WEP, and also provides user authentication, which was virtually 
unavailable with WEP. If your 
computer has an AirPort Extreme wireless card installed, you can take advantage of the 
security updates in WPA2, including AES-CCMP encryption.
AirPort Extreme supports two modes of WPA and WPA2: Enterprise mode, which uses 
an authentication server for user authentication, and Personal mode, which relies on 
the capabilities of TKIP for WPA and AES-CCMP for WPA2, without requiring an 
authentication server. 
Enterprise mode is designed for a larger network in which an IT professional is most 
likely setting up and managing the network. In order to set up a WPA or WPA2 
Enterprise network, an 802.1X connection must be set up first in Network preferences 
on a Mac. To set up an 802.1X connection on a Windows computer, see the 
documentation that came with your computer. The 802.1X connection requires an 
authentication protocol, like TTLS, LEAP, or PEAP. 
Setting up a WPA or WPA2 Enterprise network requires setting up an authentication 
server, such as a RADIUS server, to manage and validate network users’ credentials, 
such as user names, passwords, and user certificates. See the documentation that 
came with the server to set it up.