Wireless Security
|
|
OP
Joined: Aug 2009
|
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way?
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 1
Moderator
|
Moderator
Joined: Aug 2009
Likes: 1 |
If that person can access your Macs (or iDevices) in addition to using your WiFi, then yes.
alternaut ◉ moderator
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
That was fast! No, none of my devices are shared and this is not someone with bad intent, just someone who uses their computer on a lot of public networks and may have picked-up something along the way.
|
|
Re: Wireless Security
|
|
Joined: Aug 2009
|
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way? It's like living in a gated community, but you still lock your doors. If someone manages to sneak through the gates, (like getting on your home network) they still have to break into your house. (hack your computer's network defenses) Just because they're in the neighborhood doesn't mean they just can walk into your house. But that does remove one layer of defense. From there they have to (A) get the malware onto your computer, and (B) get it to execute
I work for the Department of Redundancy Department
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 14
|
Joined: Aug 2009
Likes: 14 |
It's like living in a gated community, but you still lock your doors. Great analogy.
ryck
"What Were Once Vices Are Now Habits" The Doobie Brothers
iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4 OS Ventura 13.6.3 Canon Pixma TR 8520 Printer Epson Perfection V500 Photo Scanner c/w VueScan software TM on 1TB LaCie USB-C
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
If your router supports a guest network you can set one up with its own password. This would enable visitors to access the internet via your guest network, but they won't "see" your computer or any other devices on your local area network.
One caveat: there is no such thing as "invulnerable" when it comes to computing in general and networking in particular. The best anyone can do is make themselves less vulnerable to exploits.
Last edited by joemikeb; 11/21/15 12:04 AM.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
EarthLink told me they offer a Firewall service for $6 a month. Is this useful? I don't really understand what it does.
Last edited by slolerner; 11/21/15 01:54 PM. Reason: More
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
Earthlink offers a pretty good explanation of what a firewall is and what their service purports to do. However, when you mentioned the $6 a month fee that conjured images of someone in a ski mask, pointing a gun, and demanding my wallet. - OS X has its own firewall. In El Capitan it is turned on or off and configured in System Preferences > Security & Privacy > Firewall
- Most routers have a built in firewall and NAT (Network Address Translation) that will protect your entire Local Area Network
- OpenDNS Family Shield service is FREE and offers similar protections for all your network devices and if you want even more control including whitelist capabilities it only costs $20 a year.
- Sandboxing in iOS (and I would assume in sandboxed OS X Apps as well) arguably eliminates the need for firewall protection
I currently have NAT running on my router and the router is configured to use OpenDNS as its DNS server. I could configure all my computers on the LAN to use the OpenDNS servers as well but that seems to me overkill. NOTE 1: In both OS X and iOS the DNS server is separately configured for each network, so if you have a laptop, iPhone, iPad, or iPod and you are connecting to multiple networks and wish to have the OpenDNS protection you will have to configure each network you join individually. On the other hand once you have joined a network either OS X or iOS will remember the configuration for that network. NOTE 2: Data Cellular connections in iOS cannot be configured and will always use the host telco DNS service.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
I have the following Internet Filter options on my router:
Filter anonymous internet requests (selected by default) Filter multicast (deselected by default) Filter internet NAT redirection (deselected by default) Filter indent (Port 113) (Selected by default)
All the following are enabled by default:
Firewall:
IPv4 SPI firewall protection IPv6 SPI firewall protection
VPN Passthrough:
IPSec Passthrough PPTP Passthrough L2TP Passthrough
Edit 1: It also has a button that says "Add IPv6 Firewall Setting" Edit 2: I don't know where to change or set the DNS server?
Last edited by slolerner; 11/27/15 02:49 AM. Reason: more
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
The DNS settings are in the router setup where you specify the LAN settings, and that is different in every make and model router. Failing that, - in OS X you set the DNS server in System Preferences > Network > Advanced > DNS.
- in iOS 9 Settings > WiFI > your network id > touch the "info" icon > DNS
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
I drank too many caffeinated beverages at the Thanksgiving feed today and now i can't sleep so i looked up your router manual to find out how to configure it to disburse the OpenDNS servers to devices on your network. Too bad your router is not compatible with Apple's Airport Utility, or it would be a lot easier, but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values. While you are rummaging around with the settings, I would also suggest turning NAT (Network Address Translation) ON unless you have a specific reason not to do so. It provides a layer of protection between devices on your network and the internet.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
First of all, thank you so much for your research. That was very kind of you.
So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well?
Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router?
Note: I just feel the need to just lock things down because I really hate problems that might have been avoided.
Last edited by slolerner; 11/27/15 02:44 PM. Reason: More
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well? Changing the DNS servers on your router will give any device connected to your LAN (Local Area Network) protection. If you set it in OS X or iOS only that one device is shielded. There is no advantage or disadvantage to changing the DNS server on the router and on OS X or iOS. NOTE: a few years ago there was a trojan that would change the DNS setting in OS X, but Apple quickly got out an update that prevented the exploit from working. Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router? There would be no conflict because changing the DNS settings on your router or OS X or IOS would replace the Earthlink service. If Earthling really said OpenDNS Family Shield, that the same name as the free service I suggested to you and is copyright protected by OpenDNS. I looked at the Earthlink web site and didn't find any mention of OpenDNS Family Shield but because of the copyright issue that would have to be the same service. If Earthlink is offering the service for $6 a month, why not get it FREE directly from OpenDNS? As I said previously if you want even more control OpenDNS Home VIP is available for $19.95 a year or an annual savings of $50. Note: I just feel the need to just lock things down because I really hate problems that might have been avoided. You have the same desire that all prudent internet users should have. Unfortunately because there are billions of Dollars, Euros, Pounds Sterling, Yen, etc. that can be made via malware of one sort or another, there are no guaranteed protections short of totally abandoning the use of the internet. All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
Yes, I remember the DNS Changer virus. What does OpenDNS exactly do? I remember awhile back I tried changing the DNS server because Earthlink's were slow, but there was a list of reports for each DNS's authenticity. Some were suspect.
It's not just people trying to get money by hacking, it's a 'sport' too. So, it seems even the experts are having trouble tracking down the motivation and intent.
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 15
|
Joined: Aug 2009
Likes: 15 |
All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude. Judging from your experience as you've related it, I assume that you've often tried to teach people to use "common sense", an endeavor in which I've experienced a hopelessly depressing, virtual 100% failure rate. Have you done any better?
The new Great Equalizer is the SEND button.
In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
"Macs don't get viruses."
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 5
Moderator
|
Moderator
Joined: Aug 2009
Likes: 5 |
Artie, let's try to stay with troubleshooting in the non-lounge arena please....this comment doesn't lead the topic forward and in fact seems to be leading the topic sideways.
Freedom is never free....thank a Service member today.
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
.… What does OpenDNS exactly do? … OpenDNS does the same thing any other DNS (Domain Name System) Server does, it translates URLs (Uniform Resource Locator) names such as www.finetunedmac.com into an IP (Internet Protocol) address such as decimal 192.254.225.125 (hexadecimal C0.FE.E1.7D or Binary 1100 0000 1111 1110 1110 0001 0111 1101) that is used to route traffic on the internet. URL naming services submit the domain name and its associated IP address to the system and it is then propagated or copied to every other DNS server in the world. Although DNS service is free to the user providers often view the service as an additional source of revenue by legal or even illegal means. The legal means of getting revenue is from selling "suggested" alternative sites when an unknown or malformed URL is received. Illegal DNS servers either route the traffic to faux copies of legitimate sites or trap out data going to or from legitimate sites. In either case it is identity theft pure and simple. Virtually all internet providers have their own DNS server(s) and a substantial number of them view the service as a legal revenue source. Additionally many ISPs save money by providing only minimal server capacity resulting in slow — sometimes painfully slow — response times. Google offers public DNS servers and not surprisingly makes money from advertisers for various services rendered. The financial model used by OpenDNS is to provide users with free protection from the bad guys and charging for additional controls and protections when they are desired or needed. The bulk of their income comes from institutional users who have more elaborate constraints and control needs than most individual users. I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN. FULL DISCLOSURE: I have no pecuniary or other relationship with Cisco or OpenDNS other than that of a user of long standing. I did try what OpenDNS now calls OpenDNS Home VIP for a year, but I found it did not offer enough added value to continue. I was unaware until today that OpenDNS is now owned by Cisco. By-the-way any time you see an IP address in the range of 10.0.0.0 to 10.255.255.255 172.16.0.0 to 172.31.255.255 192.168.0.0 to 192.168.255.255 169.254.0.0 to 169.254.255.255Those are "reserved" for use only on a LAN and your router will not route them to the internet.
Last edited by joemikeb; 11/27/15 11:09 PM. Reason: Add reserved IP addresses
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
Thanks. The name OpenDNS has that 'public' sound to it, but I now understand what it is. It is highly monitored, more secure than EarthLink. Sounds good. I think whenever I have slow internet access it is actually their DNS because in Firefox the black circle on the page tab goes backwards for awhile (sometimes a long while) and then turns to a forwards blue circle and the page loads shortly after that. I suspect that interval is the DNS look-up.
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 8
|
Joined: Aug 2009
Likes: 8 |
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN. Is DNSCrypt unnecessary with a VPN (Virtual Private Network)?
On a Mac since 1984. Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
|
|
Re: Wireless Security
|
Joined: Aug 2009
Likes: 16
Moderator
|
Moderator
Joined: Aug 2009
Likes: 16 |
Is DNSCrypt unnecessary with a VPN (Virtual Private Network)? DNSCrypt can be used with a VPN. They are complimentary services. DNSCrypt works with all traffic and some (many?) sites block VPN.
If we knew what it was we were doing, it wouldn't be called research, would it?
— Albert Einstein
|
|
Re: Wireless Security
|
|
Joined: Aug 2009
|
... But my iOS devices are protected by the setting in the router when they are on my LAN. ... There is a way to setup your iOS devices using the same, public OpenDNS address settings as on one's Mac and will be in effect when one is on a different WiFi connection than is being provided by one's LAN router. I also use OpenDNS / DNSCrypt on my Mac, having changed from Google's servers years ago, and I have my iPhone & iPad WiFi connections set to OpenDNS servers having used the following instructions from OS X Daily (albeit their instructions are showing settings for Google DNS servers): Change iOS DNS Settings
MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN. 1) Does DNSCrytp change my IP range? Can I still have a static IP for one of my devises? 2) Does DNSCrypt encrypt my email? One of my older accounts won't set up as SSL and that would be a good thing. 3) Does it not protect iOS devices? I need an explanation I can understand.
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
Re: Wireless Security
|
|
Joined: Aug 2009
|
I think I can help explain, but I'm not an expert. DNSCrypt is a Mac client, residing in System Preferences and facilitating the connection to OpenDNS servers (now, owned by Cisco) for browser web site activity. Using DNSCrypt (OpenDNS) only facilitates DNS activity on one's Mac. On your Mac, when using DNSCrypt (OpenDNS), it's not changing your internal IP range. In your OS X Network pref, there's a DNS Server setting (127.0.0.54) in the Advanced -> DNS -> DNS Servers tabs that points your Mac's Network pref to OpenDNS's public IP servers that are set within your router DNS settings, which have the OpenDNS's public DNS server addresses (208.67.222.222 & 208.67.220.220). I have my Network pref "Config IPv4" set to "DHCP with manual address" where I've set my Mac's internal IP to a specific, internal IP address that my router reserves solely for my Mac. For iOS devices, see my previous post where one can set an iOS device, for use outside one's WiFi router, to point towards the OpenDNS servers when in the public realm. When your iOS devices are on your own WiFi network (and you're using OpenDNS), your network router is governing how your iOS devices get DNS addresses for Mobile Safari. DNSCrypt does not encrypt email. Here's a link to GitHub, which provides a bit more detail, but is a real geek site and not oriented towards non-experts (myself included)... GitHub's DNSCrypt client
MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
|
|
Re: Wireless Security
|
|
OP
Joined: Aug 2009
|
My IP range is 192.000... and I have a static IP on the range extender connected to the printer otherwise if I reboot the router, I have to find the printer again by having the print server print a page 'telling me' where it is and have to reset the print control panel. (note: if the Internet is slow or not working it doesn't effect my printer right now and I don't want to change that.)
Note: On the link you gave, it appears there is not a DNSCrypt version for OSX 7.5. Is OpenDNS something that will run well without it?
Does DNSCrypt encrypt your browsing history, I mean, is it just for privacy or is it for security, or just to assist openDNS?
And, does using OpenDNS make it difficult for someone who comes over to connect to my network? And am I right that DNSCrypt lives on my computer and OpenDNS lives on the router?
Last edited by slolerner; 11/28/15 07:29 PM.
Mid 2010 MacBook Pro 13" 2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5 1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD HP Laserjet 6MP printing postscript via 10/100 Intel print server Netgear WN2500RP Range Extender (Ira rocks!) Linksys WRT1900AC Wireless Router Brother MFC-9340CDW Color Laser iPad Air
|
|
|
|