how secure is wireless network Wi-Fi

Discussion in 'Mac Basics and Help' started by Cinch, Jun 13, 2006.

  1. Cinch macrumors 6502

    Joined:
    Sep 18, 2005
    #1
    Hi guys,

    I'm interested in doing banking/trading through my (soon to be) MacBook. It is an important thing to most of us, and to a few of us think it is more so than our significant other:D . Be that as it may, I have little knowledge of the inner working of internet security. I know to erase cookies, files, history often (daily), use Firefox instead of IE, recognize the padlock icon at the bottom right hand corner of the Firefox/IE window as a "secure" site.

    What else can I do when submitting sensitive information across a wireless network? I know this question have been address before, but I think as time goes by, I feel like I'm missing something new.

    Thank you in advance,
    Cinch
     
  2. realityisterror macrumors 65816

    realityisterror

    Joined:
    Aug 30, 2003
    Location:
    Snellville, GA
    #2
    It shouldn't be much of a concern. You should use encryption on your network (ideally WPA rather than WEP) at all times, but even so it's never secure. WEP passcodes can easily be "cracked" if someone is so inclined. WPA can be as well if you use a word as your password.

    However, the "little padlock" signifies that the identity of the site has been identified, and you have a secure, encrypted connection with the server. So even if someone made it into your network, they'd have another hurdle to jump.

    More info on SSL encryption
     
  3. Eniregnat macrumors 68000

    Eniregnat

    Joined:
    Jan 22, 2003
    Location:
    In your head.
    #3
    It’s good to be paranoid, and not unwarranted, but think of this, you put yourself at risk fiscal all the time and don’t take any greater precautions. Where does that receipt that you signed at a store go? Who has your PIN number, last 4 digits of your SSN, and your mother’s maiden name?

    If you’re worried about the wireless access point, just plug in when you do your banking. No encryption or strong ciphering is 100% unbreakable. No security measures are fool-proof. Do as people suggest, WPA personal at least.

    (Not much more to this rant) Keep in mind; it would take somebody actively monitoring your wireless LAN to get your info. How often does this actually happen? Be cautious. You lock your house/apartment, but don’t expect the lock to keep everybody out.

    Precautions, not in any order.

    1.) Don’t store your keys, passwords, etc in your browser. Use anonymous or private browsing. Turn off keylogers. You’re at great risk of loosing a laptop and having somebody scavenge information off of it. Clean cookies after use, and log off, don't just browse away or close your browser.

    2.) Use strong random login names and passwords. I like [UR= http://www3.autistici.org/rpg/]RPG[/URL]. OS X also has one built in, but it’s only for certain applications.

    4.) Store your random login names and passwords offline in an encrypted file. A USB key is good. If you’re not very paranoid, keeping it on your disk should be ok. Password Plus by DataVis works cross multiple platforms, uses industry standard encryption, can import and export encrypted key files, and has limited free trials. One trial is a light version, 10 passwords and numbers, and one is a full version that works for only 30 days. There are other password managers out there. In any case, if you have an iPod, you can store a copy of the software and your encrypted key file to use if your computer crashes. Why store them, it is more likely that a short memorable password will be cracked than somebody get your info from a disk, decrypt it and then get your info. If you can have a random name of 20 characters, and a strong random password of 12 or more characters, then use it.

    5.) Reduce your wireless liability. Don’t use wireless if you can, use a good old hard line. Use your home network if you can. Reduce the radius of your local wireless network to the minimum that is needed (that is reducing your transmission power). Use the strongest encryption only for your secure transactions. You can set up your base stations to have multiple configurations. Reducing your encryption load will speed up data transfers, and streams. It also keeps somebody from trying to break weak packets(not really an issue for Apple/Lucent chipsets) and from using brute force to decode packets. In a sense, you’re changing the locks to keep people from practicing picking them. If you’re out and about, use known networks, and use a sniffer like

    Kismac or iStumbler or MacStumbler. This will let you see if there are other pseudo-spoofed networks that have been created. It will also let you see your signal strength, and find sweet and dead spots at wireless hotspots. Kismac will also let you see what fairly ubickwitous tools can be used if one has more than one wireless card on a computer. (This isn’t to cause fear, just open eyes.) Do not automatically connect to wireless access points. It’s best to choose from a list.

    6.) Change passwords regularly. Change PINs semi-frequently. Change keys routeenly.

    7.) Don’t use your mothers madden name. Chose something else, any word will do, but something you will remember.

    8.) If given the choice of using your bankcard as a creditcard/checkcard or ATM, always choose credit/check. Why? If your information is compromised on a credit/check card, you can receive a partial or full refund. If your ATM card info and PIN is stolen, you’re screwed! Most banks do not offer any form of refund, and often have ridiculous rules that bourdon you with the proof that you kept your PIN safe. You should do this even at stores. Also try not to use non-major bank ATMs. If it looks shady, don’t use the interface.

    9.) Never submit corrections to your information via email prompts, unless you instigated the change!!! If you get an email prompt, ignore it and then contact the 800 number provided on your statement!!!!!

    10.) Verify security certificates. If your financial institution has let a security certificate laps, disconnect and call customer support. E-mail a nasty note. If they let you know that they are aware of the problem, they you can proceed. If not, perhaps you weren’t at the proper site. This is unlikely, but it happens.

    11.) Inspect the security certificates from time to time. If a bank is using a certificate that is good to lets say 2026, let them know that they suck. Certificates should be renewed periodically, to take into account changes in their system, your system, and to provide better security.

    12.) Opt out of “Can our affiliates send you x,,y or z info?” These lists are purchased easily and by anybody. It can be a great way for somebody to attempt to intelligently fish for information.

    13.) Erase the free space from time to time on your computer. It’s just good practice.

    14.) Check your credit reports. It’s free once a year from the big three.

    15.) Use common sense. If you are uncomfortable with something safe, do it the old fashioned way, or at least contact customer support.



    Don’t be paranoid. The odds of anybody storing packets you send and receive is very small. The odds are greater that somebody will break into your domicile, car, or pick your pocket. The odds are that a financial institution will internal compromise your information than your information is intercepted at your wireless point. People do spoof wireless locations, but not often. It’s more likely to happen at an airport than a coffee house in the middle of no-where. Keep in mind that there people love to be afraid of things they do not understand. Fear is a good motivator. This said, it’s smart to be aware and practice good security policies.

    While it is true that these things can be cracked, easily is not so easy, it takes time, second, as RealityIsTerror notes, you shouldn't really be concerned. Brute force and elegant cracking tools are around, but again, running into somebody that is going to use them against you is not likely.

    I like RealityIsTerror's name, it states a truism.

    oh, and 3.) Don't use the same passwords and logon names for every site. At minimum, use a similar password and log on name for protected sites, and a common one for low security sites.


    What do you think?
     
  4. Cinch thread starter macrumors 6502

    Joined:
    Sep 18, 2005
    #4
    thank you for all the suggestions


    When I get my MacBook next week, I'll definitely turn off the Keylogger function. I didn't know it exist.

    I'll try to do all that is suggested here. I lost my laptop ~1.5 years ago and this new laptop will not contain personal info on it for sure.

    I think coming up with random login name and password sounds like the best advice, which I'm aware of but the vast majority of us never are.

    Cinch
     
  5. Eniregnat macrumors 68000

    Eniregnat

    Joined:
    Jan 22, 2003
    Location:
    In your head.
    #5
    I have a program that has a keyloger built in. It is not a function of OS X. It is designed to grab text I type should an application quit. Some people run these programs so that they never have to rebuild lost text from memory. I rarely use it. I have to use a sketchy VPN program that crashes and takes my documents with it.

    Don't get too paranoid. You can secure individual files or entire disks, just make sure you remember what software you use to secure personal data, and that you remember to key. Apple provides the FileVault feature which is secure, but there is a cost to speed and efficiency. Encrypting data makes it take up more space and take up processing time.[/QUOTE]

    Doing this all of the time for every site may become cumbersome. It also might not be advisable for your computer. Just remember to store your passwords and keys somewhere else, so you don't get locked out.
     

Share This Page