Separate names with a comma.
Discussion in 'DIRECTV HD DVR/Receiver Discussion' started by B Newt, Mar 30, 2013.
What I was trying to say my wifi is password protected.
As it should be. But are you somehow trying to log into the router from your receiver? Is there a web browser app on the receiver? I never use the receiver apps, so I don't know what all is there.
No offense, but that comment is ludicrous on so many levels. I do computer repair work and i cant begin to tell you how many systems have been hacked. Banks accounts, credit cards, etc. I spend most of the time educating my clients on how to protect their systems and the do's and don'ts than i do repairs. Some just have no idea and have blinders on.
Again no offense, but that ideology is going to get you or anyone you preach that to in trouble.
While security of your system is important, and there are real dangers like identity theft, it is HIGHLY unlikely that any of that will come about through hackers "breaking" into your wifi network. As long as you use WPA or better and use a secure password, your wifi network will be nearly un-hackable.
And, contrary to popular opinion, random strings of characters are no more secure than a passphrase. Something like "don't watch tv directv" is extremely difficult to crack. Most systems are compromised by either using a simple string of characters, or more commonly by the user themselves downloading a file or opening an email, from an infected source. The biggest problem with passwords like "?#%+gg54" is that they are hard to remember, so people write them down. Once written down, a password is not worth the paper it's written on.
It is extremely difficult to decrypt WPA and nearly impossible to decrypt WPA2. Pass phrases are resistant to key generators. Between the two, a wireless network is as secure as an Ethernet cable.
The entire ipv4 space has been scanned in about an hour by a botnet created by one person. He found half a million devices with telnet open to the Internet using default passwords that he could install his bot software on. Turning it off overnight doesn't help with a scan like this.
Ad it actually isn't that hard to get into a wireless router. Generally it does take a few hours, but most can be broken into in under 10 hours. It doesn't matter if its wpa2 with a passcode of
By default on a lot of newer routers, finding that key just isn't necessary. All you need is the WPS PIN. Fortunately, I believe it wold need to be attacked over wifi, not just over the Internet.
The password you choose is affected by the security mechanism you use. WPA2 for example is form of encryption, it would take quite some time to brute force (guess using logic) whatever your password is. It's best to change your password periodically that way if someone gets the hash and actually cares enough to devote that much time to logging into your router by the time they figure it out, the password is different. You can also hide your SSID and use MAC filtering and disable WPS on most routers. None of this however has anything to do with identity theft, that's a whole other topic. This is just relating to accessing your private network.
MAC filtering and hiding the SSID are useless, but agree overall.
Well, since the SSID is an input to the WPA encryption algorithm, it isn't exactly useless, but it doesn't add much.
For wireless security, turn off WPS, use WPA2, AES (CCMP) encryption and a reasonably long passphrase that you change periodically. The WPA2 protocol uses a 256bit key. Attempting to break a 256bit key with a brute force approach would take thousands of years. Most password protected systems are broken into because the password is either obvious or was exposed by the password holder.
By far, the most common method of security compromises on home computers is infected email, website or social media downloads.
It still requires a hacker to seed the code, no matter where it came from - it could have came from someone's personal website - bottom line - ignore security measures on a home machine is just plain stupidity and living in a world with rose colored glasses. No one to blame but yourself - even though the user will try to blame everyone but themselves
really - to what do you base this statement on? Maybe random guessing of a hidden SSID?
No random guessing needed. There are many wifi programs that will show you the SSID for hidden networks.
Also keep on mind on many Linksys routers, disabling WPS doesn't work, unless the firmware has been updated to fix the issue, if its one that they even have fixed.
A list of ones that are affected, the ones TBD likely will not be fixed unless Belkin makes a difference here.
I don't think anyone with argue with you on that sentiment. However, attacks via wifi are extremely rare so long as some very basic steps are taken when installing the router. Happily, I see very few wide open wifi networks any longer, but I am always amazed by the high percentage of networks still using WEP. MAC filtering and hidden SSIDs add complexity and inconvenience without really making a meaningful contribution to overall security.
when I setup for customers, always utilize hidden SSID that are 10 - 15 characters in length and AMC filtering, hard to try and break what you cannot see and are not allowed to the access it even if you see it. Personally don't feel it is an inconvenience and that it adds a lot to the integrity of the network, course my first thought is not to utilize wireless at all unless it is absolutely needed, don't have it in my personal network since there is no need for it, everything is hard wired to 3750 10/100/1000 POE switches
I think what Diana is saying is that MAC filtering and hiding the SSID can be overcome in a couple of seconds using one many 'tools'. MAC addresses are easily spoofed and it isn't worth the trouble implement MAC filtering.
WPA2 is the way to go. It would be easier and quicker to just break into someone's house and plug into their network physically than it would be to break WPA2 encryption.
Exactly. Airsnort is one such tool that will pick out your "hidden" SSIDs and MAC addresses from the air.
I guess you've never looked at your router logs or have been fortunate enough not to be scanned by the numerous bots out there.
A scan through my firewall logs showed that on 3 occasions someone from a Chinese IP address tried to scan for any vulnerable ports on my IP.
All that does is keep the honest people out - like a cheap lock on a door. A determined individual will have little difficulty getting around the hidden, long SSID and MAC addresses are easily spoofed. It does, however, add another layer of complexity that might make the would be hacker move on to a softer target (or encourage them to try harder since so much security must mean there is something really valuable behind it). For home use, it is overkill - a good WPA2 passphrase is almost always sufficient. Usually the only thing a typical residential user needs to be concerned with is keeping the neighbors or a passerby from stealing internet access. Hard-wiring everything is indeed more secure but impractical and antiqued with today's technology-much of which doesn't even come with the capability to connect via hard-wire.
Of course a consultant looking to keep the gravy train going might opt to make things difficult for the client requiring them to call, racking up billable hours, every time they need to add or change a device or setting because they don't remember the SSID or can't get in to the router to change a MAC address. Playing on a client's fear or ignorance can be a powerful motivator. I'm not suggesting that is the case here but unfortunately I have seen it happen. Security and convenience are at opposite ends of the spectrum the key to success is finding a reasonable balance.
Not picking on you directly. But addressing the wireless is less secure than wired comments. In a home network, yes, this is generally the case. But in a corporate environment which some of this discussion is hinting towards, this is not necessarily true. There are ways to implement a very secure wireless solution that can rival and sometimes exceed the security in many wired implementations.
One such security mechanism is to use 802.1x (or dot 1x as it is sometimes referred as) to secure your wireless implementations. This is also referred to as WPA2 Enterprise where there is no such thing as a passphrase any more. In a corporate environment the use of passphrases is unmanageable and insecure. Dot 1x uses Radius authentication along with a username and password that is unique to each user either defined locally or via a domain login. The encryption key is generated based off of the username and password token so each wireless connection is unique. Additional security safe guards that are added is some sort of NAC solution which will do device profiling and finger printing. Some of these NAC solutions will also restrict user access to specific protocols or services on your network based on user credentials.
Another mechanism which is gaining momentum in the Federal space and is finding traction in the commercial space (particularly in financial institutions) is the whole concept of Suite B encryption. Suite B is a NSA sponsored program which uses commercially available encryption to provide a higher level of security over wireless networks on classified networks.
In many wired implementations, many institutions have not gone the extra step into securing their wired ports. If you have physical access to the facility, many times you can just plug in a device and be on the network. While dot 1x can also be implemented into wired networks, it requires additional man hours as each port needs to be configured where as with wireless you only configure it at the wireless controller once. Also many institutions are going wireless rather than wired when expanding their networks as they have found real dollar savings in doing so in addition to the growing BYOD (bring your own device) initiatives.
Precisely (particularly the bolded section)!
But they were not doing that by hacking your wifi signal. Of course you need a firewall, and security on your network. Howeveer, going around and getting the MAC address of every device you want to attach to your network is, IMHO, a huge waste of time for a home network. But if it makes you sleep better at night, have at it.
I never said this was about hacking my WiFi network. It was in reference to the other side topic about plugging in a PC directly to the ISP modem and it being a non-issue with doing so.