How is the signal from laptop to router secure?

Wie Gehts · Aug 20, 2007

Well, new macbook and hooked it up via dsl (modem/ethernet cable)

So I was connected for a couple of days then started reading about security so I turned on firewall and stealth mode.

That in turn took me to the threads about wireless routers. Thats neat...I don't have to be tied to this pita cable. So today I bought a router.

I got this Linksys WRT54GS which I read about here and apparently is made for easy walkthrough set up.

So theres a firewall on the computer, the router has a firewall and that in turn goes into the dsl cabling network.

My question is, is what about the wireless signal the computer is sending to the router? How do you stop anyone else from intercepting that signal?

Thanks

Eraserhead · Aug 20, 2007

you enable WPA security on the router, and then it is encrypted with a password. It is probably secure in a similar way to buying stuff on Amazon.

peter32892 · Aug 20, 2007

All you have to do is put a wep key on it and your all good.

yellow · Aug 20, 2007

peter32892 said:
All you have to do is put a wep key on it and your all good.

Well, technically, WEP is quite weak and anyone who knows what they are doing can break WEP. This is why WPA and WPA2 were developed.

That being said, WEP will keep out the casual and amateur.

Wie Gehts · Aug 20, 2007

Eraserhead said:
you enable WPA security on the router, and then it is encrypted with a password. It is probably secure in a similar way to buying stuff on Amazon.

thanks

Hang on though, I thought that it was the computer thats sending all my keystrokes and whatnot to the router, not the other way around?

Wie Gehts · Aug 20, 2007

So this WEP/WPA2 thing encrypts the wireless signal form the computer?

yellow · Aug 20, 2007

Wie Gehts said:
thanks

Hang on though, I thought that it was the computer thats sending all my keystrokes and whatnot to the router, not the other way around?

The router must transfer the data you requested back to your computer. Like bank records...

Wie Gehts said:
So this WEP/WPA2 thing encrypts the wireless signal form the computer?

Err.. no, that's only half of it. WEP/WPA* encrypt the data transfered in a signal.
So all data from computer -> router, and all data from router -> computer.

Wie Gehts · Aug 20, 2007

OK ...great. I see. Thanks guys

Eraserhead · Aug 20, 2007

yellow said:
That being said, WEP will keep out the casual and amateur.

True.

yellow said:
Well, technically, WEP is quite weak and anyone who knows what they are doing can break WEP. This is why WPA and WPA2 were developed.

However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool

).

To sum it up, WEP is as secure as a base install of Windows XP (without SP2), except that less people can hack your wireless network as it isn't open to the entire world.

yellow · Aug 20, 2007

Eraserhead said:
However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ).

Well, we both know how being able to perform a Google search can separate the "knows what they are doing" from the regular folks we see around here a lot.

StealthRider · Aug 20, 2007

If possible, use WPA2 Personal encryption, and disable SSID broadcast - this is the scheme I usually use when I set up home networks.

Rodimus Prime · Aug 20, 2007

also turn off your router broad casting its SSID. A lot harder to get on a network that is not broad casting it name.

The router in my apartment has several layers of protection on it.
First it has WEP which I know is weak but WPA has been hit or mess for me.
2nd my router does not broad cast its SSID which means you need to know the router name to even get on it.
3rd I have the wireless out put turn down to 10% which means you either have to be in my apartment or with in a few feet of the walls out side to even get on have a chance of getting on it.

Wie Gehts · Aug 20, 2007

Will do, thanks

Eraserhead · Aug 21, 2007

StealthRider said:
If possible, use WPA2 Personal encryption, and disable SSID broadcast - this is the scheme I usually use when I set up home networks.

True but if you don't broadcast the SSID, what happens if a friend comes round and wants to access the network, then they have to be told the name too.

DoFoT9 · Aug 21, 2007

Eraserhead said:
True.However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ).

lol WEP2 aint take that long either. trust me, im a rat

(bananas in pyjamas anyone????)

sbluetruck · Aug 21, 2007

On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

seeing as WEP is weaker, i have mac address filtering.
a mac address is the alphanumeric number, almost like a serial number, that is unique to every piece of hardware. no two have the same.
my router is set to block all users even if they have the correct WEP password. with mac address filtering, my router only allows computers and devices that have the correct WEP address AND the same mac address that is listed in the "exceptions" list.

to sum it all up, you've got to know the secret password and be invited to the party to use the internet at my house

if you can, try mac address filtering. it gives you a great peace of mind

DoFoT9 · Aug 21, 2007

sbluetruck said:
On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

seeing as WEP is weaker, i have mac address filtering.
a mac address is the alphanumeric number, almost like a serial number, that is unique to every piece of hardware. no two have the same.
my router is set to block all users even if they have the correct WEP password. with mac address filtering, my router only allows computers and devices that have the correct WEP address AND the same mac address that is listed in the "exceptions" list.

to sum it all up, you've got to know the secret password and be invited to the party to use the internet at my house

if you can, try mac address filtering. it gives you a great peace of mind

lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble

)
not alot of people would kno about that tho i spose

Eraserhead · Aug 21, 2007

DoFoT9 said:
not alot of people would kno about that tho i spose

Interesting, clearly anyone who was into hacking wireless networks could do it. But it seems that the hackability of WPA is mainly down to people using simple keys rather than the technology itself.

sbluetruck said:
On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

Anyone with XP or better can use WPA, so that isn't exactly a major concern.

yellow · Aug 21, 2007

DoFoT9 said:
lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble )
not alot of people would kno about that tho i spose

Easily spoofed, yes.. but you actually have to KNOW what an acceptable MAC address is on the filtered router. So, please don't make this out to be more than it is.

DoFoT9 · Aug 21, 2007

yellow said:
Easily spoofed, yes.. but you actually have to KNOW what an acceptable MAC address is on the filtered router. So, please don't make this out to be more than it is.

finding out a suitable mac address really isnt all that hard. there are so many programs.

yellow · Aug 21, 2007

DoFoT9 said:
finding out a suitable mac address really isnt all that hard. there are so many programs.

It IS hard, because in order to sniff, you have to be on the same subnet.
MAC addresses aren't routed. And clearly if you're not part of the MAC address filtering, then you're not on the same subnet, and you're not sniffing MAC addresses. The addition of WPA makes it pretty much impossible at that point.

If you want continue, you have to have an exploitable resource, and a handy exploit.

DoFoT9 · Aug 21, 2007

yellow said:
It IS hard, because in order to sniff, you have to be on the same subnet.
MAC addresses aren't routed. And clearly if you're not part of the MAC address filtering, then you're not on the same subnet, and you're not sniffing MAC addresses. The addition of WPA makes it pretty much impossible at that point.

If you want continue, you have to have an exploitable resource, and a handy exploit.

being on the domain is an exploitable resource, there are so many holes in wireless security it isnt funny. alot of home networks would not have mac address as a identifier, they would just have WPA, so its a simple process really.

yellow · Aug 21, 2007

DoFoT9 said:
being on the domain is an exploitable resource, there are so many holes in wireless security it isnt funny

What does "being on the domain" mean? Do you mean on the subnet? And agreed, wireless networking leave a lot to be desired in terms of security. However, convenience often wins out in that battle.

DoFoT9 said:
alot of home networks would not have mac address as a identifier, they would just have WPA, so its a simple process really.

Soooooo.. if they aren't using MAC address filtering, then what is the point of penetrating their network and sniffing/spoofing MAC addresses?

DoFoT9 · Aug 21, 2007

yellow said:
1.What does "being on the domain" mean? Do you mean on the subnet? And agreed, wireless networking leave a lot to be desired in terms of security. However, convenience often wins out in that battle.

2.Soooooo.. if they aren't using MAC address filtering, then what is the point of penetrating their network and sniffing/spoofing MAC addresses?

1.being on the domain means the subnet yes, technically you dont have to be on the 'domain' to be allowed access.

2. if there is no MAC filtering, then obviously one would skip it. im just saying that identifying that information is not all that difficult.

Wie Gehts · Aug 21, 2007

If I may break in here....

I spent the past 8 hours trying to figure out how to get this linksys router to work.
I could not get a network connection if I was hardwired through the router in the first place!

Then the tech support guy told me I couldn't use a mac with it unless I got on a pc and configured it from that.

About 5 hrs into it I managed to get the latest firmware installed,
but then got into big problems on the setup administration area.

Called tech support again and got a patient woman who walked me throught the whole thing from scratch and ..viola'...I'm on wireless.

Got mac firewalls going, got the routers firewall going and I gots my password.

But all my hairs gone from ripping it out

How is the signal from laptop to router secure?

macrumors 6502

macrumors G4

macrumors member

Moderator emeritus

macrumors 6502

macrumors 6502

Moderator emeritus

macrumors 6502

macrumors G4

Moderator emeritus

macrumors 65816

macrumors G4

macrumors 6502

macrumors G4

macrumors P6

macrumors regular

macrumors P6

macrumors G4

Moderator emeritus

macrumors P6

Moderator emeritus

macrumors P6

Moderator emeritus

macrumors P6

macrumors 6502

Our Staff