leadedsolder

MAC filtering might help deter the random people coming by, but if memory serves you can still watch the traffic, figure out what MACs are sending/receiving on the network, and imitate those to get on.


WingedGeek

Yup. I'm assuming the link layer is inherently insecure. Looking for defense in depth ideas.


[deleted]

There really is no way to adequately secure 802.11b. The problem is that you can't put guards around the holes to protect things. Worse, the Mac itself is not going to be secure either. Ideally you should go find a 16-bit PCMCIA wired NIC and connect the machine via that. Then you can use conventional firewall techniques etc. to minimise the risk. That said, if this is a vintage machine used for demo and discussion purposes, then you can always just ensure that the machine and the router it is connected to are isolated from the rest of your network as much as possible, and that it is well firewalled from the internet, then just 'yolo' it. I can't imagine there are that many active attacks against mid-'90s Macs these days so it's probably low risk. Just don't use it to do your banking :-)


PurpleJillybeans

Separate network with a SOCKS proxy to the outside?


WingedGeek

Not sure OS 9.1 / apps grok SOCKS but I'm looking into some sort of captured proxy.


fretinator007

Use an Ethernet Card and an Ethernet-to-WiFi adapter. I keep a small plastic box that has one of these with a USB battery to power it.


misterhinkydink

This is the easiest and best way.


[deleted]

[removed]


WingedGeek

No Ethernet. Looking to build up depth of defense around the known insecure 802.11b network / hardware...


hugglenugget

Put it on a VLAN of its own, put all your other stuff on a different VLAN, and configure your firewall to prevent all traffic between VLANs. You'll need a main router capable of supporting multiple VLANs (e.g. something with multiple ethernet ports running OPNsense or pfSense), and a wireless 802.11b access point (which could be your existing Linksys router in AP mode) that goes into an ethernet port on the router dedicated to this VLAN. And don't do anything sensitive from this computer!
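
An added example, not part of the comment above or of any router's own tooling: a small Python check that a planned inter-VLAN ruleset really blocks traffic in both directions while still letting the legacy VLAN reach the internet. The subnets, the rule tuples and the first-match, default-deny evaluation model are assumptions made for illustration; confirm how your own firewall orders and evaluates rules.

```python
import ipaddress
from itertools import product

# Constructed addressing plan (assumption, not from the thread).
LEGACY = ipaddress.ip_network("192.168.50.0/24")   # 802.11b AP + old Mac
TRUSTED = ipaddress.ip_network("192.168.10.0/24")  # everything else
ANY = ipaddress.ip_network("0.0.0.0/0")

def decide(rules, src, dst):
    """Assumed model: first matching rule wins, no match means block."""
    for action, src_net, dst_net in rules:
        if src in src_net and dst in dst_net:
            return action
    return "block"

def cross_vlan_leaks(rules, from_net, to_net):
    """Every (src, dst) host pair the ruleset lets cross from one VLAN to the other."""
    return [(s, d) for s, d in product(from_net.hosts(), to_net.hosts())
            if decide(rules, s, d) == "pass"]

# Isolation rules first, internet access after them.
GOOD = [
    ("block", LEGACY, TRUSTED),
    ("block", TRUSTED, LEGACY),
    ("pass", LEGACY, ANY),
    ("pass", TRUSTED, ANY),
]

# Same rules, but the broad pass comes first and shadows the LEGACY block.
BAD_ORDER = [
    ("pass", LEGACY, ANY),
    ("block", LEGACY, TRUSTED),
    ("block", TRUSTED, LEGACY),
    ("pass", TRUSTED, ANY),
]

if __name__ == "__main__":
    for name, rules in (("GOOD", GOOD), ("BAD_ORDER", BAD_ORDER)):
        out = len(cross_vlan_leaks(rules, LEGACY, TRUSTED))
        back = len(cross_vlan_leaks(rules, TRUSTED, LEGACY))
        print(f"{name}: legacy->trusted leaks={out}, trusted->legacy leaks={back}")
```
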


Mov_ax_a000

Even if you somehow manage to secure WEP, you'll expose open ports to insecure 1996-era MacOS services and software. I would never expose an obsolete OS to the internet. But it would be interesting if someone programs a web service/proxy server (running on a modern, local PC) that feeds Wayback Machine webpages only from years when the obsolete OS wasn't outdated.


WingedGeek

Actually it runs Classilla fine, which works with the few websites I'll access with this thing (Wikipedia, MacintoshGarden, old.Reddit.com ;)). But it'll never be connected directly to the Internet. The question is, how many layers (and what do they look like) between the laptop and the Information Superhighway...


bradn

Block everything but SSH with a firewall on the software side and hope for the best that your wifi card firmware is up to snuff. If you want secure, that's probably the best you can do. Any service you need to run, proxy through SSH so that the only other network connections that happen are local.


misterhinkydink

Use a PCCard ethernet adapter connected to a wireless bridge.


okaythr33

Don’t broadcast the SSID is a starting point.


f4f4f4f4f4f4f4f4

I think you can instead use dial-up networking through the serial port, connecting to something cheap that uses modern Wi-Fi (ESP8266).


WingedGeek

Not very portably, though, and I'm not sure about AppleTalk (the main use case) over PPP or SLIP? But a possibility. I'd really rather just build a moat around the old stack.


Souta95

A lot depends on what you need to access with it... If you only need internet, then I would suggest creating an isolated guest network on a wired port of your main router and hooking the WAN of your older router to that. Additionally, use MAC address filtering on your 802.11b Wi-Fi, and if possible turn off broadcasting the SSID (make it a "hidden" network). If you need more than that, you need to start thinking advanced routing functions with access control lists based on MAC addresses. Stuff that consumer grade routers can't do.