Wifi Security

[Knightoftheapp]

The iPad that I'm getting is "wifi only". I've spent some time learning about wifi security on YouTube. Could someone please tell me where I might go to learn more? Or perhaps you have your own thoughts? Thanks.

 

[sjleworthy]

Security is usually done at router level. The majority of routers come with protection already enabled, but some older systems dont. If yours doesn't, just google up how secure your router's make.

 

[Knightoftheapp]

Security is usually done at router level. The majority of routers come with protection already enabled, but some older systems dont. If yours doesn't, just google up how secure your router's make.

What about public wifi?

 

[DontUnderstandMyIpad]

What about public wifi?

Public unencrypted wifi is not a good option, as anyone on the same network can eavesdrop into your traffic.

 

[RAC]

Security is usually done at router level. The majority of routers come with protection already enabled, but some older systems dont. If yours doesn't, just google up how secure your router's make.

My 2 cents worth on this subject.

I have MAC address filtering on my router. Only devices with MAC addresses that I configure can connect to the router.

Most WiFi routers allow you to suppress broadcasting of the router name so that your router won't appear in anyone's list of available networks. To connect other users need to know the name of your router.

I believe that serious hackers can get around almost any WiFi security but the chances of such a person being within range of your router is quite low.

 

[GlenL]

I have MAC address filtering on my router. Only devices with MAC addresses that I configure can connect to the router.

I believe that serious hackers can get around almost any WiFi security but the chances of such a person being within range of your router is quite low.

I understand why you restrict MAC addresses, but for a lot of folks that seems very restrictive. Let's say you have a visitor that wants wifi Internet, but you're not home to configure it and your family members don't know how. Well I guess they're SOL then.

 

[DontUnderstandMyIpad]

I understand why you restrict MAC addresses, but for a lot of folks that seems very restrictive. Let's say you have a visitor that wants wifi Internet, but you're not home to configure it and your family members don't know how. Well I guess they're SOL then.

MAC filtering does not add much to the overall security, as a MAC address can be easily changed.

Anyhow, this would be a good example for remote accessing the home network from the iPad, wouldn't it?

 

[sjleworthy]

To be honest, my last router was MAC configured. I had quick easy admin access available to me. It was my network and I decided who was on it or not.

Yes, it's not wonderfully safe, but safe enough from the average person in your neighbourhood. It can generally only be over ridden by a person with knowledge and persistence. The majority of us haven't got this. Most of us can't even view past a network which isn't broadcasting it's presence.

As for public wi-fi spots - does it really matter? Do you really need to use public, generally unsecured networks to do confidential and secure stuff? That's even presuming someone's even bothering to take an interest in you.

 

[RAC]

I understand why you restrict MAC addresses, but for a lot of folks that seems very restrictive. Let's say you have a visitor that wants wifi Internet, but you're not home to configure it and your family members don't know how. Well I guess they're SOL then.

MAC filtering does not add much to the overall security, as a MAC address can be easily changed.

Anyhow, this would be a good example for remote accessing the home network from the iPad, wouldn't it?

I would have thought that it would be a "challenge" to guess the few MAC addresses that were configured, unless it is possible to extract them from the router configuration.

 

[DontUnderstandMyIpad]

I would have thought that it would be a "challenge" to guess the few MAC addresses that were configured, unless it is possible to extract them from the router configuration.

Well, it depends, if your wifi network is encrypted, then it will be difficult to find out the MAC address, as the encryption has to be cracked first.

But if the Wifi is unencrypted, it is simply a matter of listening to the devices on the same network. This can be done directly from Windows/Mac with the help of a sniffing tool. Since each device on the network sends along it's MAC as a means of identification, is it fairly straight forward to obtain the MAC. Once you have it, you would simply use a tool like MacMakeUp to change your own MAC to one of the devices, which are allowed to connect. Identical MAC's will lead to a conflict and one of the devices will be kicked out. So you would have to wait for the other device to leave the network.

Anyhow, the point being, no one guesses MAC's, as you mentioned that would be quite a challenge. You could use MAC filtering in conjunction with WPA encryption and it will be fairly safe, but not because of the MAC filter, because again, as soon as the password is known, a MAC filter can be easily rendered useless.

Hopefully this post has not yet crossed the borderline, it definitely wasn't intended too. It has merely an educational purpose.

 

[RAC]

I would have thought that it would be a "challenge" to guess the few MAC addresses that were configured, unless it is possible to extract them from the router configuration.

Well, it depends, if your wifi network is encrypted, then it will be difficult to find out the MAC address, as the encryption has to be cracked first.

But if the Wifi is unencrypted, it is simply a matter of listening to the devices on the same network. This can be done directly from Windows/Mac with the help of a sniffing tool. Since each device on the network sends along it's MAC as a means of identification, is it fairly straight forward to obtain the MAC. Once you have it, you would simply use a tool like MacMakeUp to change your own MAC to one of the devices, which are allowed to connect. Identical MAC's will lead to a conflict and one of the devices will be kicked out. So you would have to wait for the other device to leave the network.

Anyhow, the point being, no one guesses MAC's, as you mentioned that would be quite a challenge. You could use MAC filtering in conjunction with WPA encryption and it will be fairly safe, but not because of the MAC filter, because again, as soon as the password is known, a MAC filter can be easily rendered useless.

Hopefully this post has not yet crossed the borderline, it definitely wasn't intended too. It has merely an educational purpose.

Thanks, we could all use some education on this subject.

 

[graywolf]

I'd like to start a wifi security company in my neighborhood. I've noticed over 125 open networks in my neighborhood.

Welcome to my world.

 

[wasabinuki]

I agree with what most people have said already in this thread, but here is my $.02. From my experience I suggest you use WPA2 encryption at the minimum. For a secondary level of security, turn off the SSID so it is not visible to everybody with a Wi-Fi device. And to add another layer of defense, you can turn on MAC filtering to allow only the devices you specify in the router's management utility.

As far as using a public Wi-Fi network (like at Starbucks) that is open season and you should protect yourself by not accessing any sensitive sites (like banking) while you are connected. However, you can use a travel router to create your own secure network and access anything you want, which is very nice for people that "work" from public Wi-Fi locations.

 

[sjleworthy]

I'd like to start a wifi security company in my neighborhood. I've noticed over 125 open networks in my neighborhood.

Welcome to my world.

But how many of those networks can you actually log into and actively piggyback onto the web with? Hardly any i bet. Just because a network looks open that doesn't mean it's totally open. Try them.

Unless you're particularly knowledgeable on the subject you'll not be able to just enter any network you fancy, seemingly open or not.

 

[graywolf]

But how many of those networks can you actually log into and actively piggyback onto the web with? Hardly any i bet. Just because a network looks open that doesn't mean it's totally open. Try them.

Unless you're particularly knowledgeable on the subject you'll not be able to just enter any network you fancy.

I can. Don't know what you are talking about. Tap and join simplicity is what iPad provides.