An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
Page 1 of 3 1 2 3
Wireless Security
#37313 11/20/15 05:38 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way?


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #37315 11/20/15 05:42 PM
Joined: Aug 2009
Likes: 1
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 1
If that person can access your Macs (or iDevices) in addition to using your WiFi, then yes.


alternaut moderator
Re: Wireless Security
alternaut #37316 11/20/15 05:48 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
That was fast! No, none of my devices are shared and this is not someone with bad intent, just someone who uses their computer on a lot of public networks and may have picked-up something along the way.

Re: Wireless Security
slolerner #37317 11/20/15 06:05 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: slolerner
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way?

It's like living in a gated community, but you still lock your doors. If someone manages to sneak through the gates, (like getting on your home network) they still have to break into your house. (hack your computer's network defenses)

Just because they're in the neighborhood doesn't mean they just can walk into your house. But that does remove one layer of defense. From there they have to (A) get the malware onto your computer, and (B) get it to execute


I work for the Department of Redundancy Department
Re: Wireless Security
Virtual1 #37325 11/20/15 08:28 PM
Joined: Aug 2009
Likes: 14
Offline

Joined: Aug 2009
Likes: 14
Originally Posted By: Virtual1
It's like living in a gated community, but you still lock your doors.

Great analogy.


ryck

"What Were Once Vices Are Now Habits" The Doobie Brothers

iMac (Retina 5K, 27", 2020), 3.8 GHz 8 Core Intel Core i7, 8GB RAM, 2667 MHz DDR4
OS Ventura 13.6.3
Canon Pixma TR 8520 Printer
Epson Perfection V500 Photo Scanner c/w VueScan software
TM on 1TB LaCie USB-C
Re: Wireless Security
slolerner #37329 11/21/15 12:03 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
If your router supports a guest network you can set one up with its own password. This would enable visitors to access the internet via your guest network, but they won't "see" your computer or any other devices on your local area network.

One caveat: there is no such thing as "invulnerable" when it comes to computing in general and networking in particular. The best anyone can do is make themselves less vulnerable to exploits.

Last edited by joemikeb; 11/21/15 12:04 AM.

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37340 11/21/15 01:53 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
EarthLink told me they offer a Firewall service for $6 a month. Is this useful? I don't really understand what it does.

Last edited by slolerner; 11/21/15 01:54 PM. Reason: More
Re: Wireless Security
slolerner #37342 11/21/15 03:53 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Earthlink offers a pretty good explanation of what a firewall is and what their service purports to do. However, when you mentioned the $6 a month fee that conjured images of someone in a ski mask, pointing a gun, and demanding my wallet.
  1. OS X has its own firewall. In El Capitan it is turned on or off and configured in System Preferences > Security & Privacy > Firewall
  2. Most routers have a built in firewall and NAT (Network Address Translation) that will protect your entire Local Area Network
  3. OpenDNS Family Shield service is FREE and offers similar protections for all your network devices and if you want even more control including whitelist capabilities it only costs $20 a year.
  4. Sandboxing in iOS (and I would assume in sandboxed OS X Apps as well) arguably eliminates the need for firewall protection
I currently have NAT running on my router and the router is configured to use OpenDNS as its DNS server. I could configure all my computers on the LAN to use the OpenDNS servers as well but that seems to me overkill.

NOTE 1: In both OS X and iOS the DNS server is separately configured for each network, so if you have a laptop, iPhone, iPad, or iPod and you are connecting to multiple networks and wish to have the OpenDNS protection you will have to configure each network you join individually. On the other hand once you have joined a network either OS X or iOS will remember the configuration for that network.

NOTE 2: Data Cellular connections in iOS cannot be configured and will always use the host telco DNS service.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37456 11/27/15 02:39 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
I have the following Internet Filter options on my router:

Filter anonymous internet requests (selected by default)
Filter multicast (deselected by default)
Filter internet NAT redirection (deselected by default)
Filter indent (Port 113) (Selected by default)

All the following are enabled by default:

Firewall:

IPv4 SPI firewall protection
IPv6 SPI firewall protection

VPN Passthrough:

IPSec Passthrough
PPTP Passthrough
L2TP Passthrough

Edit 1: It also has a button that says "Add IPv6 Firewall Setting"
Edit 2: I don't know where to change or set the DNS server?


Last edited by slolerner; 11/27/15 02:49 AM. Reason: more

Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #37457 11/27/15 03:52 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
The DNS settings are in the router setup where you specify the LAN settings, and that is different in every make and model router.

Failing that,
  • in OS X you set the DNS server in System Preferences > Network > Advanced > DNS.
  • in iOS 9 Settings > WiFI > your network id > touch the "info" icon > DNS


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37458 11/27/15 06:14 AM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
I drank too many caffeinated beverages at the Thanksgiving feed today and now i can't sleep so i looked up your router manual to find out how to configure it to disburse the OpenDNS servers to devices on your network. Too bad your router is not compatible with Apple's Airport Utility, or it would be a lot easier, but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values.

While you are rummaging around with the settings, I would also suggest turning NAT (Network Address Translation) ON unless you have a specific reason not to do so. It provides a layer of protection between devices on your network and the internet.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37460 11/27/15 02:33 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
First of all, thank you so much for your research. That was very kind of you.

So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well?

Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router?

Note: I just feel the need to just lock things down because I really hate problems that might have been avoided.

Last edited by slolerner; 11/27/15 02:44 PM. Reason: More

Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #37463 11/27/15 04:01 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well?

Changing the DNS servers on your router will give any device connected to your LAN (Local Area Network) protection. If you set it in OS X or iOS only that one device is shielded. There is no advantage or disadvantage to changing the DNS server on the router and on OS X or iOS.

NOTE: a few years ago there was a trojan that would change the DNS setting in OS X, but Apple quickly got out an update that prevented the exploit from working.

Originally Posted By: slolerner
Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router?

There would be no conflict because changing the DNS settings on your router or OS X or IOS would replace the Earthlink service. If Earthling really said OpenDNS Family Shield, that the same name as the free service I suggested to you and is copyright protected by OpenDNS. I looked at the Earthlink web site and didn't find any mention of OpenDNS Family Shield but because of the copyright issue that would have to be the same service. If Earthlink is offering the service for $6 a month, why not get it FREE directly from OpenDNS? As I said previously if you want even more control OpenDNS Home VIP is available for $19.95 a year or an annual savings of $50.

Originally Posted By: slolerner
Note: I just feel the need to just lock things down because I really hate problems that might have been avoided.

You have the same desire that all prudent internet users should have. Unfortunately because there are billions of Dollars, Euros, Pounds Sterling, Yen, etc. that can be made via malware of one sort or another, there are no guaranteed protections short of totally abandoning the use of the internet. frown All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37466 11/27/15 05:28 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Yes, I remember the DNS Changer virus. What does OpenDNS exactly do? I remember awhile back I tried changing the DNS server because Earthlink's were slow, but there was a list of reports for each DNS's authenticity. Some were suspect.

It's not just people trying to get money by hacking, it's a 'sport' too. So, it seems even the experts are having trouble tracking down the motivation and intent.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
joemikeb #37467 11/27/15 05:32 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
Originally Posted By: joemikeb
All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude.

Judging from your experience as you've related it, I assume that you've often tried to teach people to use "common sense", an endeavor in which I've experienced a hopelessly depressing, virtual 100% failure rate. crazy frown

Have you done any better?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Wireless Security
artie505 #37468 11/27/15 06:31 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
"Macs don't get viruses."

Re: Wireless Security
artie505 #37469 11/27/15 07:59 PM
Joined: Aug 2009
Likes: 5
Moderator
Offline
Moderator

Joined: Aug 2009
Likes: 5
Artie, let's try to stay with troubleshooting in the non-lounge arena please....this comment doesn't lead the topic forward and in fact seems to be leading the topic sideways.


Freedom is never free....thank a Service member today.
Re: Wireless Security
slolerner #37470 11/27/15 11:03 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: slolerner
.… What does OpenDNS exactly do? …

OpenDNS does the same thing any other DNS (Domain Name System) Server does, it translates URLs (Uniform Resource Locator) names such as www.finetunedmac.com into an IP (Internet Protocol) address such as decimal 192.254.225.125 (hexadecimal C0.FE.E1.7D or Binary 1100 0000 1111 1110 1110 0001 0111 1101) that is used to route traffic on the internet. URL naming services submit the domain name and its associated IP address to the system and it is then propagated or copied to every other DNS server in the world.

Although DNS service is free to the user providers often view the service as an additional source of revenue by legal or even illegal means. The legal means of getting revenue is from selling "suggested" alternative sites when an unknown or malformed URL is received. Illegal DNS servers either route the traffic to faux copies of legitimate sites or trap out data going to or from legitimate sites. In either case it is identity theft pure and simple.

Virtually all internet providers have their own DNS server(s) and a substantial number of them view the service as a legal revenue source. Additionally many ISPs save money by providing only minimal server capacity resulting in slow — sometimes painfully slow — response times. Google offers public DNS servers and not surprisingly makes money from advertisers for various services rendered. The financial model used by OpenDNS is to provide users with free protection from the bad guys and charging for additional controls and protections when they are desired or needed. The bulk of their income comes from institutional users who have more elaborate constraints and control needs than most individual users.

I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.

FULL DISCLOSURE: I have no pecuniary or other relationship with Cisco or OpenDNS other than that of a user of long standing. I did try what OpenDNS now calls OpenDNS Home VIP for a year, but I found it did not offer enough added value to continue. I was unaware until today that OpenDNS is now owned by Cisco.

By-the-way any time you see an IP address in the range of
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
169.254.0.0 to 169.254.255.255

Those are "reserved" for use only on a LAN and your router will not route them to the internet.

Last edited by joemikeb; 11/27/15 11:09 PM. Reason: Add reserved IP addresses

If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37471 11/28/15 12:17 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Thanks. The name OpenDNS has that 'public' sound to it, but I now understand what it is. It is highly monitored, more secure than EarthLink. Sounds good. I think whenever I have slow internet access it is actually their DNS because in Firefox the black circle on the page tab goes backwards for awhile (sometimes a long while) and then turns to a forwards blue circle and the page loads shortly after that. I suspect that interval is the DNS look-up.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
joemikeb #37476 11/28/15 02:59 PM
Joined: Aug 2009
Likes: 8
Online

Joined: Aug 2009
Likes: 8
Originally Posted By: joemikeb
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.


Is DNSCrypt unnecessary with a VPN (Virtual Private Network)?


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: Wireless Security
Ira L #37479 11/28/15 03:48 PM
Joined: Aug 2009
Likes: 16
Moderator
Online
Moderator

Joined: Aug 2009
Likes: 16
Originally Posted By: Ira L
Is DNSCrypt unnecessary with a VPN (Virtual Private Network)?
DNSCrypt can be used with a VPN. They are complimentary services. DNSCrypt works with all traffic and some (many?) sites block VPN.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Wireless Security
joemikeb #37480 11/28/15 03:54 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
Originally Posted By: joemikeb
... But my iOS devices are protected by the setting in the router when they are on my LAN. ...


There is a way to setup your iOS devices using the same, public OpenDNS address settings as on one's Mac and will be in effect when one is on a different WiFi connection than is being provided by one's LAN router.

I also use OpenDNS / DNSCrypt on my Mac, having changed from Google's servers years ago, and I have my iPhone & iPad WiFi connections set to OpenDNS servers having used the following instructions from OS X Daily (albeit their instructions are showing settings for Google DNS servers):

Change iOS DNS Settings


MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
Re: Wireless Security
Ira L #37481 11/28/15 04:50 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
Originally Posted By: joemikeb
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.

1) Does DNSCrytp change my IP range? Can I still have a static IP for one of my devises?
2) Does DNSCrypt encrypt my email? One of my older accounts won't set up as SSL and that would be a good thing.
3) Does it not protect iOS devices?

I need an explanation I can understand.


Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Re: Wireless Security
slolerner #37485 11/28/15 05:49 PM
Joined: Aug 2009
Offline

Joined: Aug 2009
I think I can help explain, but I'm not an expert.

DNSCrypt is a Mac client, residing in System Preferences and facilitating the connection to OpenDNS servers (now, owned by Cisco) for browser web site activity.

Using DNSCrypt (OpenDNS) only facilitates DNS activity on one's Mac.

On your Mac, when using DNSCrypt (OpenDNS), it's not changing your internal IP range.

In your OS X Network pref, there's a DNS Server setting (127.0.0.54) in the Advanced -> DNS -> DNS Servers tabs that points your Mac's Network pref to OpenDNS's public IP servers that are set within your router DNS settings, which have the OpenDNS's public DNS server addresses (208.67.222.222 & 208.67.220.220).

I have my Network pref "Config IPv4" set to "DHCP with manual address" where I've set my Mac's internal IP to a specific, internal IP address that my router reserves solely for my Mac.

For iOS devices, see my previous post where one can set an iOS device, for use outside one's WiFi router, to point towards the OpenDNS servers when in the public realm. When your iOS devices are on your own WiFi network (and you're using OpenDNS), your network router is governing how your iOS devices get DNS addresses for Mobile Safari.

DNSCrypt does not encrypt email.

Here's a link to GitHub, which provides a bit more detail, but is a real geek site and not oriented towards non-experts (myself included)... GitHub's DNSCrypt client


MacStudio M1max - 14.4.1, 64 GB Ram, 4TB SSD; Studio Display; iPhone 13mini; Watch 9; iPadPro (M2) 11" WiFi
Re: Wireless Security
pbGuy #37486 11/28/15 07:27 PM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
My IP range is 192.000... and I have a static IP on the range extender connected to the printer otherwise if I reboot the router, I have to find the printer again by having the print server print a page 'telling me' where it is and have to reset the print control panel. (note: if the Internet is slow or not working it doesn't effect my printer right now and I don't want to change that.)

Note: On the link you gave, it appears there is not a DNSCrypt version for OSX 7.5. Is OpenDNS something that will run well without it?

Does DNSCrypt encrypt your browsing history, I mean, is it just for privacy or is it for security, or just to assist openDNS?

And, does using OpenDNS make it difficult for someone who comes over to connect to my network? And am I right that DNSCrypt lives on my computer and OpenDNS lives on the router?

Last edited by slolerner; 11/28/15 07:29 PM.

Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air
Page 1 of 3 1 2 3

Moderated by  alternaut, dianne, MacManiac 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.060s Queries: 65 (0.034s) Memory: 0.7216 MB (Peak: 0.9050 MB) Data Comp: Zlib Server Time: 2024-03-28 21:34:02 UTC
Valid HTML 5 and Valid CSS