Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Wed May 03, 2017 6:47 pm Post subject: Mitigate the risk of using a WEP only router? |
|
|
If I put a travel router with WPA2 capability between my box and a public wifi router that only has WEP capability (Yeah I know but out of my control) am I now better protected?
I am using a travel router to connect to a public wifi that only has WEP. The travel router then broadcasts the signal under a new AP name and uses WPA2. But I am confused.
So in this scenario, I know that the traffic between my Gentoo box and the travel router is encrypted with WPA2 but is the traffic between the travel router and the wifi router also WPA2? Or does it revert to WEP because that is what the wifi router uses? Or is it now WPA2 encrypted traffic over WEP? Also, what does it look like when I am sending data outside of the network, i.e. Internet banking etc.?
Hopefully, my question isn't too confusing. |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9655 Location: almost Mile High in the USA
|
Posted: Wed May 03, 2017 7:29 pm Post subject: |
|
|
Reverts to WEP.
I would hope most internet banking is done with SSL anyway so it (mostly) doesn't matter that it's WEP.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Wed May 03, 2017 7:47 pm Post subject: |
|
|
eccerr0r wrote: | Reverts to WEP.
I would hope most internet banking is done with SSL anyway so it (mostly) doesn't matter that it's WEP. |
Thanks. So basically the travel router even though WPA2 does little to add security because the WIFI router is WEP. Correct?
Whenever I do anything banking related etc I go through a VPN. Rather err on the side of caution. |
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54121 Location: 56N 3W
|
Posted: Wed May 03, 2017 7:48 pm Post subject: |
|
|
Budoka,
Look into using a VPN.
Public wifi suffers from everyone on the same network using the same key, so everyone can see each other's data if they want to.
Some applications will use ssl, some won't.
The only fix is to run your own encryption over the public wifi.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Wed May 03, 2017 7:57 pm Post subject: |
|
|
NeddySeagoon wrote: | Budoka,
Look into using a VPN.
Public wifi suffers from everyone on the same network using the same key, so everyone can see each other's data if they want to.
Some applications will use ssl, some won't.
The only fix is to run your own encryption over the public wifi. |
Thanks, Neddy. I generally, as a rule, use a VPN. Which actually just reminded me of something...
I noticed that when I use just the travel router without VPN all of my ports are Stealthed but my box apparently responds to ping. When I turn my VPN on SSH, HTTP, and HTTPS are opened and everything else is still stealthed. Is one preferable over the other? I generally check any new network I jump on with Shields Up before sending traffic over it. But am not great at interpreting the results. LOL |
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54121 Location: 56N 3W
|
Posted: Wed May 03, 2017 8:36 pm Post subject: |
|
|
Budoka,
When you use a VPN your host should show a few open ports over the carrier IP address and everything else over the VPN tunnel.
The open ports on the carrier IP address are just to allow your carrier dhcp lease to be renewed.
Everything else should go over the VPN.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3112
|
Posted: Wed May 03, 2017 8:40 pm Post subject: |
|
|
Quote: | VPN (...) The only fix is to run your own encryption over the public wifi. |
You make it sound as if a retail connection were more secure.
The difference isn't all that significant. Your neighbour's kid may find it harder that way, but even things like accidentally hijacking the internet with misconfigured BGP have been reported... |
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54121 Location: 56N 3W
|
Posted: Wed May 03, 2017 8:46 pm Post subject: |
|
|
szatox,
Is that with cable (TV) internet?
I've heard a few horror stories but I live in a wee village. Cable is not an option.
Wifi is insecure everywhere. I wouldn't do banking or shopping over my own wifi, never mind wifi that I knew was shared.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3112
|
Posted: Wed May 03, 2017 9:35 pm Post subject: |
|
|
Doesn't matter. People are more or less the same everywhere.
Wifi or no wifi, if you wanna do something that needs security, make sure you use SSL and the certificate presented by the server is valid. If you do, open wifi doesn't matter.
If you don't, well, the wires are long. Everything depends on how bold the eavesdropper is. Bonus point if he is a malicious employee on ISP's staff. Who knows what you would discover if you actually put some effort into diagnosing that flapping connection to another segment...
BTW, a short article on security of BGP: https://www.bishopfox.com/blog/2015/08/an-overview-of-bgp-hijacking/
First, you need at least /24 IPv4 pool, and preferably /22... Then you can route all the internet through YOUR wires |
|
NTU Apprentice
Joined: 17 Jul 2015 Posts: 187
|
Posted: Wed May 03, 2017 9:51 pm Post subject: |
|
|
If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA! |
|
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9655 Location: almost Mile High in the USA
|
Posted: Wed May 03, 2017 10:45 pm Post subject: |
|
|
NTU wrote: | If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA! |
Yay security by obscurity.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching? |
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54121 Location: 56N 3W
|
Posted: Thu May 04, 2017 9:50 am Post subject: |
|
|
NTU,
That will attract the attention of all sorts of people for all the wrong reasons.
None of them will be interested in your data either.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Budoka l33t
Joined: 03 Jun 2012 Posts: 777 Location: Tokyo, Japan
|
Posted: Thu May 04, 2017 11:49 am Post subject: |
|
|
NeddySeagoon wrote: |
The only fix is to run your own encryption over the public wifi. |
That is what I was hoping to accomplish putting the WPA2 travel router between me and the Public Wifi. But seems that doesn't get the job done. Anyway thanks as always. |
|
NTU Apprentice
Joined: 17 Jul 2015 Posts: 187
|
Posted: Thu May 04, 2017 11:56 am Post subject: |
|
|
eccerr0r wrote: | NTU wrote: | If you're concerned about wireless security, use OpenWRT and operate on frequencies that are not supported by common devices and also violate FCC regulations way beyond spec to the point of rendering the modem incompatible with common laptops and wifi dongles. Then you won't even need WEP/WPA! |
Yay security by obscurity. |
You mean invisibility, but yes, very much so. Do people roll around in vans scanning for secret radio waves? Must have missed that memo.
By the way, 'twas a joke. |
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54121 Location: 56N 3W
|
Posted: Thu May 04, 2017 12:03 pm Post subject: |
|
|
NTU,
There aren't any empty spaces in the radio spectrum.
By moving out of one of the very small unlicensed bands, you move into someone else's space.
They will notice and call out the vans you mention.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|