How is the signal from laptop to router secure?

Wie Gehts

macrumors 6502
Original poster
Mar 22, 2007
490
13
Well, new macbook and hooked it up via dsl (modem/ethernet cable)

So I was connected for a couple of days then started reading about security so I turned on firewall and stealth mode.

That in turn took me to the threads about wireless routers. Thats neat...I don't have to be tied to this pita cable. So today I bought a router.

I got this Linksys WRT54GS which I read about here and apparently is made for easy walkthrough set up.

So theres a firewall on the computer, the router has a firewall and that in turn goes into the dsl cabling network.

My question is, is what about the wireless signal the computer is sending to the router? How do you stop anyone else from intercepting that signal? :confused:

Thanks
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,438
UK
you enable WPA security on the router, and then it is encrypted with a password. It is probably secure in a similar way to buying stuff on Amazon.
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
All you have to do is put a wep key on it and your all good.
Well, technically, WEP is quite weak and anyone who knows what they are doing can break WEP. This is why WPA and WPA2 were developed.

That being said, WEP will keep out the casual and amateur.
 

Wie Gehts

macrumors 6502
Original poster
Mar 22, 2007
490
13
you enable WPA security on the router, and then it is encrypted with a password. It is probably secure in a similar way to buying stuff on Amazon.
thanks

Hang on though, I thought that it was the computer thats sending all my keystrokes and whatnot to the router, not the other way around?
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
thanks

Hang on though, I thought that it was the computer thats sending all my keystrokes and whatnot to the router, not the other way around?
The router must transfer the data you requested back to your computer. Like bank records... ;)

So this WEP/WPA2 thing encrypts the wireless signal form the computer?
Err.. no, that's only half of it. WEP/WPA* encrypt the data transfered in a signal.
So all data from computer -> router, and all data from router -> computer.
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,438
UK
That being said, WEP will keep out the casual and amateur.
True.

Well, technically, WEP is quite weak and anyone who knows what they are doing can break WEP. This is why WPA and WPA2 were developed.
However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ;) ).

To sum it up, WEP is as secure as a base install of Windows XP (without SP2), except that less people can hack your wireless network as it isn't open to the entire world.
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ;) ).
Well, we both know how being able to perform a Google search can separate the "knows what they are doing" from the regular folks we see around here a lot. :)
 

Rodimus Prime

macrumors G4
Oct 9, 2006
10,132
4
also turn off your router broad casting its SSID. A lot harder to get on a network that is not broad casting it name.

The router in my apartment has several layers of protection on it.
First it has WEP which I know is weak but WPA has been hit or mess for me.
2nd my router does not broad cast its SSID which means you need to know the router name to even get on it.
3rd I have the wireless out put turn down to 10% which means you either have to be in my apartment or with in a few feet of the walls out side to even get on have a chance of getting on it.
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,438
UK
If possible, use WPA2 Personal encryption, and disable SSID broadcast - this is the scheme I usually use when I set up home networks.
True but if you don't broadcast the SSID, what happens if a friend comes round and wants to access the network, then they have to be told the name too.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,532
31
Singapore
True.However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ;) ).
lol WEP2 aint take that long either. trust me, im a rat :p (bananas in pyjamas anyone????)
 

sbluetruck

macrumors regular
Jul 25, 2007
207
0
Wisconsin der hey
On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

seeing as WEP is weaker, i have mac address filtering.
a mac address is the alphanumeric number, almost like a serial number, that is unique to every piece of hardware. no two have the same.
my router is set to block all users even if they have the correct WEP password. with mac address filtering, my router only allows computers and devices that have the correct WEP address AND the same mac address that is listed in the "exceptions" list.

to sum it all up, you've got to know the secret password and be invited to the party to use the internet at my house ;):D

if you can, try mac address filtering. it gives you a great peace of mind :D
 

DoFoT9

macrumors P6
Jun 11, 2007
17,532
31
Singapore
On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

seeing as WEP is weaker, i have mac address filtering.
a mac address is the alphanumeric number, almost like a serial number, that is unique to every piece of hardware. no two have the same.
my router is set to block all users even if they have the correct WEP password. with mac address filtering, my router only allows computers and devices that have the correct WEP address AND the same mac address that is listed in the "exceptions" list.

to sum it all up, you've got to know the secret password and be invited to the party to use the internet at my house ;):D

if you can, try mac address filtering. it gives you a great peace of mind :D
lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble :p)
not alot of people would kno about that tho i spose
 

Eraserhead

macrumors G4
Nov 3, 2005
10,300
10,438
UK
not alot of people would kno about that tho i spose
Interesting, clearly anyone who was into hacking wireless networks could do it. But it seems that the hackability of WPA is mainly down to people using simple keys rather than the technology itself.

On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.
Anyone with XP or better can use WPA, so that isn't exactly a major concern.
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble :p)
not alot of people would kno about that tho i spose
Easily spoofed, yes.. but you actually have to KNOW what an acceptable MAC address is on the filtered router. So, please don't make this out to be more than it is.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,532
31
Singapore
Easily spoofed, yes.. but you actually have to KNOW what an acceptable MAC address is on the filtered router. So, please don't make this out to be more than it is.
finding out a suitable mac address really isnt all that hard. there are so many programs.
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
finding out a suitable mac address really isnt all that hard. there are so many programs.
It IS hard, because in order to sniff, you have to be on the same subnet.
MAC addresses aren't routed. And clearly if you're not part of the MAC address filtering, then you're not on the same subnet, and you're not sniffing MAC addresses. The addition of WPA makes it pretty much impossible at that point.

If you want continue, you have to have an exploitable resource, and a handy exploit.
 

DoFoT9

macrumors P6
Jun 11, 2007
17,532
31
Singapore
It IS hard, because in order to sniff, you have to be on the same subnet.
MAC addresses aren't routed. And clearly if you're not part of the MAC address filtering, then you're not on the same subnet, and you're not sniffing MAC addresses. The addition of WPA makes it pretty much impossible at that point.

If you want continue, you have to have an exploitable resource, and a handy exploit.
being on the domain is an exploitable resource, there are so many holes in wireless security it isnt funny. alot of home networks would not have mac address as a identifier, they would just have WPA, so its a simple process really.
 

yellow

Moderator emeritus
Oct 21, 2003
15,925
1
Portland, OR
being on the domain is an exploitable resource, there are so many holes in wireless security it isnt funny
What does "being on the domain" mean? Do you mean on the subnet? And agreed, wireless networking leave a lot to be desired in terms of security. However, convenience often wins out in that battle.


alot of home networks would not have mac address as a identifier, they would just have WPA, so its a simple process really.
Soooooo.. if they aren't using MAC address filtering, then what is the point of penetrating their network and sniffing/spoofing MAC addresses? :confused: :rolleyes:
 

DoFoT9

macrumors P6
Jun 11, 2007
17,532
31
Singapore
1.What does "being on the domain" mean? Do you mean on the subnet? And agreed, wireless networking leave a lot to be desired in terms of security. However, convenience often wins out in that battle.

2.Soooooo.. if they aren't using MAC address filtering, then what is the point of penetrating their network and sniffing/spoofing MAC addresses? :confused: :rolleyes:
1.being on the domain means the subnet yes, technically you dont have to be on the 'domain' to be allowed access.

2. if there is no MAC filtering, then obviously one would skip it. im just saying that identifying that information is not all that difficult.
 

Wie Gehts

macrumors 6502
Original poster
Mar 22, 2007
490
13
If I may break in here.... ;)

I spent the past 8 hours trying to figure out how to get this linksys router to work.
I could not get a network connection if I was hardwired through the router in the first place!

Then the tech support guy told me I couldn't use a mac with it unless I got on a pc and configured it from that.

About 5 hrs into it I managed to get the latest firmware installed,
but then got into big problems on the setup administration area.

Called tech support again and got a patient woman who walked me throught the whole thing from scratch and ..viola'...I'm on wireless.

Got mac firewalls going, got the routers firewall going and I gots my password. :)

But all my hairs gone from ripping it out :p