Internet Sharing can disrupt network?
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
My cube at work has crappy WiFi connectivity so I was going to share the ethernet connection on my laptop via Airport so my iPhone can connect to the internet. Upon checking the Internet Sharing checkbox I was presented with this:
Can anyone enlighten me about this potential network disruption?
(Last edited by Atheist; Jun 25, 2010 at 09:05 AM.)
Moderator
Join Date: Jan 2001
Location: Polwaristan
It's a long shot but in theory I suppose it could happen. However, I've done this on a number of networks and never had issues. Chances are high it will work just fine.
The larger concern is your work's IT policies -- retransmitting their hardline ethernet over wifi could expose their network in ways that they are not aware of (because they didn't have a role in reviewing or setting up your Internet Sharing). In some places this is a fireable offense, so please tread carefully.
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Thanks for the info. I'll give it a shot.
Mac Elite
Join Date: Mar 2006
Location: Here
Password-protect it and don't broadcast the SSID. At my work, you aren't allowed to do this, but people do it anyway.
Moderator
Join Date: Jan 2001
Location: Polwaristan
Originally Posted by Tuoder
Password-protect it and don't broadcast the SSID. At my work, you aren't allowed to do this, but people do it anyway.
That does almost nothing for security. No traffic is encrypted and client machines are totally exposed.
Even if one encrypts the Airport sharing, the only option is WEP, which is worthless against a semi-knowledgeable attacker (WEP can be broken in 60 seconds or so).
If I walked into an office and saw open wifi points into their work LAN, I'd think twice about doing business there if it involved any personal or proprietary data I cared about.
Mac Elite
Join Date: Mar 2006
Location: Here
Originally Posted by Cold Warrior
That does almost nothing for security. No traffic is encrypted and client machines are totally exposed.
Even if one encrypts the Airport sharing, the only option is WEP, which is worthless against a semi-knowledgeable attacker (WEP can be broken in 60 seconds or so).
If I walked into an office and saw open wifi points into their work LAN, I'd think twice about doing business there if it involved any personal or proprietary data I cared about.
When I said to password-protect it, I meant to encrypt it. Is there a way to password-protect it without encrypting it?
Not broadcasting the SSID and encrypting is not fool-proof, but no security is. WEP is easy to crack, but it is an extremely small subset of people who would even attempt it.
Or, to state it differently, find me someone who could find a hidden network and break through WEP, but wouldn't be able to do the same by brute-forcing WPA2 Personal with an additional couple of weeks.
Moderator
Join Date: Jan 2001
Location: Polwaristan
Originally Posted by Tuoder
When I said to password-protect it, I meant to encrypt it. Is there a way to password-protect it without encrypting it?
Not with the OS X sharing prefs, but I've seen it on dedicated routers.
Not broadcasting the SSID and encrypting is not fool-proof, but no security is. WEP is easy to crack, but it is an extremely small subset of people who would even attempt it.
That's like saying I'll leave the keys in my Ferrari with the top down in Times Square. Crime isn't that bad, just a small subset of people. One is all it takes, then the business computers are all cracked, databases stolen, VOIP systems compromised, and a local newspaper article running a story about it.
Or, to state it differently, find me someone who could find a hidden network and break through WEP, but wouldn't be able to do the same by brute-forcing WPA2 Personal with an additional couple of weeks.
I can't, because it's not possible. Max out your WPA2 passphrase and throw in some random numbers and characters, and WPA2 cannot be broken. Not by brute force. Dictionary attack is the only attack for WPA2, but a solid passphrase protects against that.
WEP, however, is completely broken in the algorithm, and a huge password does no good because it is inherently weak.
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
The primary effect of not broadcasting your SSID is that some clients -- even those you may want to -- cannot see your network to join it. On the other hand, the SSID is out there anyway, as part of some of the header information in data packets, so the bad guys, those attempting to capture your traffic so they can infiltrate your network, can see it.
As Cold Warrior says, WEP is as broken as it gets; it was based on a flawed implementation of what would otherwise be a very strong encryption algorithm, and that flaw made it simply useless. Further, there is a fixed maximum length of WEP keys -- 13 bytes. You cannot get any more out of WEP. Apple's implementation of ASCII-to-Key was to take the raw byte values of the first 13 characters entered as a "password" and simply ignore the rest. WEP was supposed to use the RC4 streaming cypher to protect the traffic, but an error in how that cypher was used with an initialization vector made even that very robust cypher useless. Unfortunately this was standardized and incorporated in the 802.11b standard before anyone had the opportunity to do a thorough enough investigation to identify this flaw.
WPA and WPA2, on the other hand, use a solid implementation of an AES-based encryption process that has been mathematically proven to be secure. As Cold Warrior points out, the only attack that has any hope of success is a dictionary attack -- against the key generation algorithm -- and it is only ever successful with VERY short passphrases/keys that include dictionary words. A completely random passphrase that is very long (I use the maximum 63 characters), and that contains all allowable characters, is exceptionally robust.
Glenn -----OTR/L, MOT, Tx
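Added example, not part of any post in this thread: a Python sketch of the two key-handling schemes discussed above, the 13-character WEP ASCII-to-key truncation as the post describes it and the WPA/WPA2-Personal key generation algorithm (PBKDF2-HMAC-SHA1 salted with the SSID, per IEEE 802.11i). The function names and the sample passwords and SSIDs are constructed for illustration.

```python
import hashlib
import math
import secrets
import string

WEP_KEY_BYTES = 13                 # WEP key length stated in the post above
WPA_MIN_LEN, WPA_MAX_LEN = 8, 63   # WPA/WPA2-Personal ASCII passphrase limits
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def wep_ascii_key(password: str) -> bytes:
    """ASCII-to-key as the post describes it: raw bytes of the first 13
    characters; everything after them is ignored."""
    return password.encode("ascii")[:WEP_KEY_BYTES]


def wpa_psk(passphrase: str, ssid: str) -> bytes:
    """WPA/WPA2-Personal key generation: PBKDF2-HMAC-SHA1 over the passphrase,
    salted with the SSID, 4096 iterations, 256-bit result."""
    if not WPA_MIN_LEN <= len(passphrase) <= WPA_MAX_LEN:
        raise ValueError("passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def random_passphrase(length: int = WPA_MAX_LEN) -> str:
    """Uniformly random passphrase drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def effective_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Guessing entropy of a uniformly random passphrase, capped at the
    256-bit PSK it is hashed into. Not valid for human-chosen words."""
    return min(length * math.log2(alphabet_size), 256.0)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    a, b = "correcthorsebattery", "correcthorseb-anything-else"
    print("WEP keys identical:", wep_ascii_key(a) == wep_ascii_key(b))
    print("PSK for net-A:", wpa_psk(a, "net-A").hex())
    print("PSK for net-B:", wpa_psk(a, "net-B").hex())  # same passphrase, new salt
    for n in (8, 20, 40, 63):
        print(f"{n:2d} random chars -> {effective_bits(n):.1f} bits")
    print("example passphrase:", random_passphrase())
```

Because the SSID is the salt, the same passphrase yields a different key on every network name, and a random passphrase stops gaining strength once its entropy exceeds the 256-bit key it is hashed into.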
Mac Elite
Join Date: Mar 2006
Location: Here
Originally Posted by Cold Warrior
Not with the OS X sharing prefs, but I've seen it on dedicated routers.
That's like saying I'll leave the keys in my Ferrari with the top down in Times Square. Crime isn't that bad, just a small subset of people. One is all it takes, then the business computers are all cracked, databases stolen, VOIP systems compromised, and a local newspaper article running a story about it.
I can't, because it's not possible. Max out your WPA2 passphrase and throw in some random numbers and characters, and WPA2 cannot be broken. Not by brute force. Dictionary attack is the only attack for WPA2, but a solid passphrase protects against that.
WEP, however, is completely broken in the algorithm, and a huge password does no good because it is inherently weak.
That's not an apt metaphor at all. It would be more like saying "Lock your doors, but a moat is probably overkill."
WEP isn't very good at all. I could get in with 15 minutes of time. Any password-protected system can be bruteforced given enough time. The vast majority of unauthorized users of a network are just people looking for a hotspot. People are mostly just trying to find the easiest way to do that.
No pro is crusading to get you specifically, they're going after the easiest target. When being chased by an alligator, you don't have to run the quickest, you only have to run faster than your fattest friend.
Originally Posted by ghporter
The primary effect of not broadcasting your SSID is that some clients -- even those you may want to -- cannot see your network to join it. On the other hand, the SSID is out there anyway, as part of some of the header information in data packets, so the bad guys, those attempting to capture your traffic so they can infiltrate your network, can see it.
As Cold Warrior says, WEP is as broken as it gets; it was based on a flawed implementation of what would otherwise be a very strong encryption algorithm, and that flaw made it simply useless. Further, there is a fixed maximum length of WEP keys -- 13 bytes. You cannot get any more out of WEP. Apple's implementation of ASCII-to-Key was to take the raw byte values of the first 13 characters entered as a "password" and simply ignore the rest. WEP was supposed to use the RC4 streaming cypher to protect the traffic, but an error in how that cypher was used with an initialization vector made even that very robust cypher useless. Unfortunately this was standardized and incorporated in the 802.11b standard before anyone had the opportunity to do a thorough enough investigation to identify this flaw.
WPA and WPA2, on the other hand, use a solid implementation of an AES-based encryption process that has been mathematically proven to be secure. As Cold Warrior points out, the only attack that has any hope of success is a dictionary attack -- against the key generation algorithm -- and it is only ever successful with VERY short passphrases/keys that include dictionary words. A completely random passphrase that is very long (I use the maximum 63 characters), and that contains all allowable characters, is exceptionally robust.
I've mostly responded to this above. The purpose of not broadcasting SSIDs in this case is just to keep from being noticed, and to keep any random idiot from hopping on or generating the motivation to figure out how to get on.
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Wow! You're using a Cube at work.
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
Originally Posted by Tuoder
I've mostly responded to this above. The purpose of not broadcasting SSIDs in this case is just to keep from being noticed, and to keep any random idiot from hopping on or generating the motivation to figure out how to get on.
If you're running WPA or WPA2, no random idiot will have any success in trying to hop on, no matter how motivated he is. To me the benefit (allowing others who have your permission to see your network) outweighs the rather remote possibility that others with evil intentions could somehow break WPA to get on your network.
It's your network, but in a practical sense not broadcasting the SSID is without value.
Glenn -----OTR/L, MOT, Tx