How is the signal from laptop to router secure?

Discussion in 'Mac Basics and Help' started by Wie Gehts, Aug 20, 2007.

  1. Wie Gehts macrumors 6502

    Joined:
    Mar 22, 2007
    #1
    Well, new macbook and hooked it up via dsl (modem/ethernet cable)

    So I was connected for a couple of days then started reading about security so I turned on firewall and stealth mode.

    That in turn took me to the threads about wireless routers. Thats neat...I don't have to be tied to this pita cable. So today I bought a router.

    I got this Linksys WRT54GS which I read about here and apparently is made for easy walkthrough set up.

    So theres a firewall on the computer, the router has a firewall and that in turn goes into the dsl cabling network.

    My question is, is what about the wireless signal the computer is sending to the router? How do you stop anyone else from intercepting that signal? :confused:

    Thanks
     
  2. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #2
    you enable WPA security on the router, and then it is encrypted with a password. It is probably secure in a similar way to buying stuff on Amazon.
     
  3. peter32892 macrumors member

    Joined:
    Jul 16, 2006
    #3
    All you have to do is put a wep key on it and your all good.
     
  4. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    Well, technically, WEP is quite weak and anyone who knows what they are doing can break WEP. This is why WPA and WPA2 were developed.

    That being said, WEP will keep out the casual and amateur.
     
  5. Wie Gehts thread starter macrumors 6502

    Joined:
    Mar 22, 2007
    #5
    thanks

    Hang on though, I thought that it was the computer thats sending all my keystrokes and whatnot to the router, not the other way around?
     
  6. Wie Gehts thread starter macrumors 6502

    Joined:
    Mar 22, 2007
    #6
    So this WEP/WPA2 thing encrypts the wireless signal form the computer?
     
  7. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #7
    The router must transfer the data you requested back to your computer. Like bank records... ;)

    Err.. no, that's only half of it. WEP/WPA* encrypt the data transfered in a signal.
    So all data from computer -> router, and all data from router -> computer.
     
  8. Wie Gehts thread starter macrumors 6502

    Joined:
    Mar 22, 2007
  9. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #9
    True.

    However WEP can be hacked in less than 60 seconds with a powerful computer like a Macbook, and you can find software to do it with a simple Google search, I believe there is even a project for hacking wireless networks on Sourceforge (its a security research tool ;) ).

    To sum it up, WEP is as secure as a base install of Windows XP (without SP2), except that less people can hack your wireless network as it isn't open to the entire world.
     
  10. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #10
    Well, we both know how being able to perform a Google search can separate the "knows what they are doing" from the regular folks we see around here a lot. :)
     
  11. StealthRider macrumors 65816

    StealthRider

    Joined:
    Jan 23, 2002
    Location:
    Yokosuka, Japan
    #11
    If possible, use WPA2 Personal encryption, and disable SSID broadcast - this is the scheme I usually use when I set up home networks.
     
  12. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #12
    also turn off your router broad casting its SSID. A lot harder to get on a network that is not broad casting it name.

    The router in my apartment has several layers of protection on it.
    First it has WEP which I know is weak but WPA has been hit or mess for me.
    2nd my router does not broad cast its SSID which means you need to know the router name to even get on it.
    3rd I have the wireless out put turn down to 10% which means you either have to be in my apartment or with in a few feet of the walls out side to even get on have a chance of getting on it.
     
  13. Wie Gehts thread starter macrumors 6502

    Joined:
    Mar 22, 2007
  14. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #14
    True but if you don't broadcast the SSID, what happens if a friend comes round and wants to access the network, then they have to be told the name too.
     
  15. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #15
    lol WEP2 aint take that long either. trust me, im a rat :p (bananas in pyjamas anyone????)
     
  16. sbluetruck macrumors regular

    sbluetruck

    Joined:
    Jul 25, 2007
    Location:
    Wisconsin der hey
    #16
    On my router at home i have WEP set up because it is "more universal" that is, people who come over can connect even if they have older devices that don't support WPA.

    seeing as WEP is weaker, i have mac address filtering.
    a mac address is the alphanumeric number, almost like a serial number, that is unique to every piece of hardware. no two have the same.
    my router is set to block all users even if they have the correct WEP password. with mac address filtering, my router only allows computers and devices that have the correct WEP address AND the same mac address that is listed in the "exceptions" list.

    to sum it all up, you've got to know the secret password and be invited to the party to use the internet at my house ;):D

    if you can, try mac address filtering. it gives you a great peace of mind :D
     
  17. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #17
    lol im gonna wreck your peice of mind and say that mac addresses are easily tricked. its so incredibly easy. (just to break your bubble :p)
    not alot of people would kno about that tho i spose
     
  18. Eraserhead macrumors G4

    Eraserhead

    Joined:
    Nov 3, 2005
    Location:
    UK
    #18
    Interesting, clearly anyone who was into hacking wireless networks could do it. But it seems that the hackability of WPA is mainly down to people using simple keys rather than the technology itself.

    Anyone with XP or better can use WPA, so that isn't exactly a major concern.
     
  19. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #19
    Easily spoofed, yes.. but you actually have to KNOW what an acceptable MAC address is on the filtered router. So, please don't make this out to be more than it is.
     
  20. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #20
    finding out a suitable mac address really isnt all that hard. there are so many programs.
     
  21. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #21
    It IS hard, because in order to sniff, you have to be on the same subnet.
    MAC addresses aren't routed. And clearly if you're not part of the MAC address filtering, then you're not on the same subnet, and you're not sniffing MAC addresses. The addition of WPA makes it pretty much impossible at that point.

    If you want continue, you have to have an exploitable resource, and a handy exploit.
     
  22. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #22
    being on the domain is an exploitable resource, there are so many holes in wireless security it isnt funny. alot of home networks would not have mac address as a identifier, they would just have WPA, so its a simple process really.
     
  23. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #23
    What does "being on the domain" mean? Do you mean on the subnet? And agreed, wireless networking leave a lot to be desired in terms of security. However, convenience often wins out in that battle.


    Soooooo.. if they aren't using MAC address filtering, then what is the point of penetrating their network and sniffing/spoofing MAC addresses? :confused: :rolleyes:
     
  24. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #24
    1.being on the domain means the subnet yes, technically you dont have to be on the 'domain' to be allowed access.

    2. if there is no MAC filtering, then obviously one would skip it. im just saying that identifying that information is not all that difficult.
     
  25. Wie Gehts thread starter macrumors 6502

    Joined:
    Mar 22, 2007
    #25
    If I may break in here.... ;)

    I spent the past 8 hours trying to figure out how to get this linksys router to work.
    I could not get a network connection if I was hardwired through the router in the first place!

    Then the tech support guy told me I couldn't use a mac with it unless I got on a pc and configured it from that.

    About 5 hrs into it I managed to get the latest firmware installed,
    but then got into big problems on the setup administration area.

    Called tech support again and got a patient woman who walked me throught the whole thing from scratch and ..viola'...I'm on wireless.

    Got mac firewalls going, got the routers firewall going and I gots my password. :)

    But all my hairs gone from ripping it out :p
     

Share This Page