Way to Improve WiFi Security?

[inevit4ble]

Hi Every1,

Here at the school, where I work in the IT department, we are running a ethernet wireless network which is connected to all the 50 odd MAC notebooks that are utilized by the teachers and students.
We have had a few issues with securing the WEP password from personal computers as well as the password being accessed through the MAC key chain.

To stop the keychain and other functions being easily accessed we have introduced 2 accounts on each notebook, student and admin. When trying to view the wireless password from a student account it requests the admin password to do so, and we thought this was a solution, but we were wrong!:banghead:

A perticular student has made us aware to the fact that the keychain can still be accessed via the use of the student password with that login name.

I have exhausted very option I could think of as well as using to google to try find solutions for either removing keychain completely or how one can improve the wireless security from outside computers and have found nothing of use.

Can anyone assist me with an answer to greatly limit who can gain access to the network or how I can make keychain invisible?

We currently use remote desktop manager to monitor the macs and this is where we notice the unknown computer presents-es.

I really REALLY need a solution

[FootNote] I appologise if this is the wrong section for this post, I wasn't sure

 

[azareus]

So what is your problem exactly? As I read it, the students can see the
password to your wifi hotspot and logs in? I don't really see the problem.

Anyway:
Don't use WEP encryption. It is way to easy to crack, and is severely outdated.
Make all students remember the password instead of having it on a keychain.

 

[inevit4ble]

Ye, I've been told the WEP isn't the greatest so we've gotten the network guys to start working on that.

The problem is the students CAN see the password. We don't want them to as we don't want them connect personal devices, such as phones and personal laptops, because we cannot view such devices on remote desktop manager so we can't limit what they have access to online.

This is a problem because youtube and facebook pull a lot of the bandwidth so it causes other students to suffer who are trying to do research etc. This goes for gaming and porn as well. With the school-supplied MAC books we can at least, from remote manager, pull curtains over their screens, close pages and even shut the computer down if need be.

When they have a network issue they bring it to me and I reconnect them, but this isn't often as they do remember the network.


So bottom line is, we don't want the students to have access to the network at all, which they can access via keychain.

 

[Slapshot136]

make a MAC address white list?

 

[azareus]

make a MAC address white list?

Do this, but be aware that it is quite easy to spoof a MAC address, and students might help each other doing it.

 

[inevit4ble]

This is news to me...whats a white list?

 

[azareus]

A whitelist is a list over addresses that can use the network.
A blacklist is a list over addresses that can't.

In most router settings there should be a page called MAC Filter or something like it. You should be able to add MAC addresses to a whitelist from there.

 

[inevit4ble]

Ah...so basically only allow the IP's I want to allow to join and the rest can't. cool, will look into this. It might definitely be a solution

 

[inevit4ble]

Solved!
Thread Closed


Thanks All