An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Page 1 of 3 1 2 3 >
Topic Options
#37313 - 11/20/15 09:38 AM Wireless Security
slolerner Offline


Registered: 08/25/09
Loc: New York City
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way?
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37315 - 11/20/15 09:42 AM Re: Wireless Security [Re: slolerner]
alternaut Offline

Moderator

Registered: 08/04/09
If that person can access your Macs (or iDevices) in addition to using your WiFi, then yes.
_________________________
alternaut moderator

Top
#37316 - 11/20/15 09:48 AM Re: Wireless Security [Re: alternaut]
slolerner Offline


Registered: 08/25/09
Loc: New York City
That was fast! No, none of my devices are shared and this is not someone with bad intent, just someone who uses their computer on a lot of public networks and may have picked-up something along the way.

Top
#37317 - 11/20/15 10:05 AM Re: Wireless Security [Re: slolerner]
Virtual1 Offline


Registered: 08/04/09
Loc: Iowa
Originally Posted By: slolerner
So, if someone comes over and hooks up to my home wireless network, can malware be transferred that way?

It's like living in a gated community, but you still lock your doors. If someone manages to sneak through the gates, (like getting on your home network) they still have to break into your house. (hack your computer's network defenses)

Just because they're in the neighborhood doesn't mean they just can walk into your house. But that does remove one layer of defense. From there they have to (A) get the malware onto your computer, and (B) get it to execute
_________________________
I work for the Department of Redundancy Department

Top
#37325 - 11/20/15 12:28 PM Re: Wireless Security [Re: Virtual1]
ryck Offline


Registered: 08/04/09
Loc: Okanagan Valley
Originally Posted By: Virtual1
It's like living in a gated community, but you still lock your doors.

Great analogy.
_________________________
ryck

iMac (Retina 5K, 27", 2017), 3.4 GHz Intel Core i5, 8GB RAM, 2400 MHz DDR4
OS High Sierra 10.13.6
Canon MX712 Printer
Epson Perfection V500 Photo Scanner
Time Machine on 320GB OWC Mercury OTG Pro
Super Duper on 500GB OWC Mercury OTG Pro

Top
#37329 - 11/20/15 04:03 PM Re: Wireless Security [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
If your router supports a guest network you can set one up with its own password. This would enable visitors to access the internet via your guest network, but they won't "see" your computer or any other devices on your local area network.

One caveat: there is no such thing as "invulnerable" when it comes to computing in general and networking in particular. The best anyone can do is make themselves less vulnerable to exploits.


Edited by joemikeb (11/20/15 04:04 PM)
_________________________
joemikeb • moderator

Top
#37340 - 11/21/15 05:53 AM Re: Wireless Security [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
EarthLink told me they offer a Firewall service for $6 a month. Is this useful? I don't really understand what it does.


Edited by slolerner (11/21/15 05:54 AM)
Edit Reason: More

Top
#37342 - 11/21/15 07:53 AM Re: Wireless Security [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Earthlink offers a pretty good explanation of what a firewall is and what their service purports to do. However, when you mentioned the $6 a month fee that conjured images of someone in a ski mask, pointing a gun, and demanding my wallet.
  1. OS X has its own firewall. In El Capitan it is turned on or off and configured in System Preferences > Security & Privacy > Firewall
  2. Most routers have a built in firewall and NAT (Network Address Translation) that will protect your entire Local Area Network
  3. OpenDNS Family Shield service is FREE and offers similar protections for all your network devices and if you want even more control including whitelist capabilities it only costs $20 a year.
  4. Sandboxing in iOS (and I would assume in sandboxed OS X Apps as well) arguably eliminates the need for firewall protection
I currently have NAT running on my router and the router is configured to use OpenDNS as its DNS server. I could configure all my computers on the LAN to use the OpenDNS servers as well but that seems to me overkill.

NOTE 1: In both OS X and iOS the DNS server is separately configured for each network, so if you have a laptop, iPhone, iPad, or iPod and you are connecting to multiple networks and wish to have the OpenDNS protection you will have to configure each network you join individually. On the other hand once you have joined a network either OS X or iOS will remember the configuration for that network.

NOTE 2: Data Cellular connections in iOS cannot be configured and will always use the host telco DNS service.
_________________________
joemikeb • moderator

Top
#37456 - 11/26/15 06:39 PM Re: Wireless Security [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
I have the following Internet Filter options on my router:

Filter anonymous internet requests (selected by default)
Filter multicast (deselected by default)
Filter internet NAT redirection (deselected by default)
Filter indent (Port 113) (Selected by default)

All the following are enabled by default:

Firewall:

IPv4 SPI firewall protection
IPv6 SPI firewall protection

VPN Passthrough:

IPSec Passthrough
PPTP Passthrough
L2TP Passthrough

Edit 1: It also has a button that says "Add IPv6 Firewall Setting"
Edit 2: I don't know where to change or set the DNS server?



Edited by slolerner (11/26/15 06:49 PM)
Edit Reason: more
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37457 - 11/26/15 07:52 PM Re: Wireless Security [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
The DNS settings are in the router setup where you specify the LAN settings, and that is different in every make and model router.

Failing that,
  • in OS X you set the DNS server in System Preferences > Network > Advanced > DNS.
  • in iOS 9 Settings > WiFI > your network id > touch the "info" icon > DNS
_________________________
joemikeb • moderator

Top
#37458 - 11/26/15 10:14 PM Re: Wireless Security [Re: joemikeb]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
I drank too many caffeinated beverages at the Thanksgiving feed today and now i can't sleep so i looked up your router manual to find out how to configure it to disburse the OpenDNS servers to devices on your network. Too bad your router is not compatible with Apple's Airport Utility, or it would be a lot easier, but see page 27 of the Linksys WRT1900AC Wireless Router Manual for setting the DHCP (Dynamic Host Configuration Profile) values including the DNS values.

While you are rummaging around with the settings, I would also suggest turning NAT (Network Address Translation) ON unless you have a specific reason not to do so. It provides a layer of protection between devices on your network and the internet.
_________________________
joemikeb • moderator

Top
#37460 - 11/27/15 06:33 AM Re: Wireless Security [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
First of all, thank you so much for your research. That was very kind of you.

So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well?

Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router?

Note: I just feel the need to just lock things down because I really hate problems that might have been avoided.


Edited by slolerner (11/27/15 06:44 AM)
Edit Reason: More
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37463 - 11/27/15 08:01 AM Re: Wireless Security [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: slolerner
So, if I set the router as you specified, then it is not necessary or possibly a conflict to change the settings on my MBP as well?

Changing the DNS servers on your router will give any device connected to your LAN (Local Area Network) protection. If you set it in OS X or iOS only that one device is shielded. There is no advantage or disadvantage to changing the DNS server on the router and on OS X or iOS.

NOTE: a few years ago there was a trojan that would change the DNS setting in OS X, but Apple quickly got out an update that prevented the exploit from working.

Originally Posted By: slolerner
Edit: Does getting the Open DNS Family Shield from EarthLink have any conflicts with changing the DNS settings on my router?

There would be no conflict because changing the DNS settings on your router or OS X or IOS would replace the Earthlink service. If Earthling really said OpenDNS Family Shield, that the same name as the free service I suggested to you and is copyright protected by OpenDNS. I looked at the Earthlink web site and didn't find any mention of OpenDNS Family Shield but because of the copyright issue that would have to be the same service. If Earthlink is offering the service for $6 a month, why not get it FREE directly from OpenDNS? As I said previously if you want even more control OpenDNS Home VIP is available for $19.95 a year or an annual savings of $50.

Originally Posted By: slolerner
Note: I just feel the need to just lock things down because I really hate problems that might have been avoided.

You have the same desire that all prudent internet users should have. Unfortunately because there are billions of Dollars, Euros, Pounds Sterling, Yen, etc. that can be made via malware of one sort or another, there are no guaranteed protections short of totally abandoning the use of the internet. frown All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude.
_________________________
joemikeb • moderator

Top
#37466 - 11/27/15 09:28 AM Re: Wireless Security [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Yes, I remember the DNS Changer virus. What does OpenDNS exactly do? I remember awhile back I tried changing the DNS server because Earthlink's were slow, but there was a list of reports for each DNS's authenticity. Some were suspect.

It's not just people trying to get money by hacking, it's a 'sport' too. So, it seems even the experts are having trouble tracking down the motivation and intent.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37467 - 11/27/15 09:32 AM Re: Wireless Security [Re: joemikeb]
artie505 Online


Registered: 08/04/09
Originally Posted By: joemikeb
All any of us can do — even me who takes constant risks running beta software — is take reasonable precautions. The single best protection does not exist in software or hardware. It is in the grey matter between human ears and behind human eyes. Staying alert and maintaining a cautious attitude.

Judging from your experience as you've related it, I assume that you've often tried to teach people to use "common sense", an endeavor in which I've experienced a hopelessly depressing, virtual 100% failure rate. crazy frown

Have you done any better?
_________________________
The new Great Equalizer is the SEND button.

Top
#37468 - 11/27/15 10:31 AM Re: Wireless Security [Re: artie505]
slolerner Offline


Registered: 08/25/09
Loc: New York City
"Macs don't get viruses."

Top
#37469 - 11/27/15 11:59 AM Re: Wireless Security [Re: artie505]
MacManiac Offline

Moderator

Registered: 08/04/09
Loc: Paradise....on the central Ore...
Artie, let's try to stay with troubleshooting in the non-lounge arena please....this comment doesn't lead the topic forward and in fact seems to be leading the topic sideways.
_________________________
Freedom is never free....thank a Service member today.

Top
#37470 - 11/27/15 03:03 PM Re: Wireless Security [Re: slolerner]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: slolerner
.… What does OpenDNS exactly do? …

OpenDNS does the same thing any other DNS (Domain Name System) Server does, it translates URLs (Uniform Resource Locator) names such as www.finetunedmac.com into an IP (Internet Protocol) address such as decimal 192.254.225.125 (hexadecimal C0.FE.E1.7D or Binary 1100 0000 1111 1110 1110 0001 0111 1101) that is used to route traffic on the internet. URL naming services submit the domain name and its associated IP address to the system and it is then propagated or copied to every other DNS server in the world.

Although DNS service is free to the user providers often view the service as an additional source of revenue by legal or even illegal means. The legal means of getting revenue is from selling "suggested" alternative sites when an unknown or malformed URL is received. Illegal DNS servers either route the traffic to faux copies of legitimate sites or trap out data going to or from legitimate sites. In either case it is identity theft pure and simple.

Virtually all internet providers have their own DNS server(s) and a substantial number of them view the service as a legal revenue source. Additionally many ISPs save money by providing only minimal server capacity resulting in slow — sometimes painfully slow — response times. Google offers public DNS servers and not surprisingly makes money from advertisers for various services rendered. The financial model used by OpenDNS is to provide users with free protection from the bad guys and charging for additional controls and protections when they are desired or needed. The bulk of their income comes from institutional users who have more elaborate constraints and control needs than most individual users.

I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.

FULL DISCLOSURE: I have no pecuniary or other relationship with Cisco or OpenDNS other than that of a user of long standing. I did try what OpenDNS now calls OpenDNS Home VIP for a year, but I found it did not offer enough added value to continue. I was unaware until today that OpenDNS is now owned by Cisco.

By-the-way any time you see an IP address in the range of
10.0.0.0 to 10.255.255.255
172.16.0.0 to 172.31.255.255
192.168.0.0 to 192.168.255.255
169.254.0.0 to 169.254.255.255

Those are "reserved" for use only on a LAN and your router will not route them to the internet.


Edited by joemikeb (11/27/15 03:09 PM)
Edit Reason: Add reserved IP addresses
_________________________
joemikeb • moderator

Top
#37471 - 11/27/15 04:17 PM Re: Wireless Security [Re: joemikeb]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Thanks. The name OpenDNS has that 'public' sound to it, but I now understand what it is. It is highly monitored, more secure than EarthLink. Sounds good. I think whenever I have slow internet access it is actually their DNS because in Firefox the black circle on the page tab goes backwards for awhile (sometimes a long while) and then turns to a forwards blue circle and the page loads shortly after that. I suspect that interval is the DNS look-up.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37476 - 11/28/15 06:59 AM Re: Wireless Security [Re: joemikeb]
Ira L Offline


Registered: 08/13/09
Loc: California
Originally Posted By: joemikeb
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.


Is DNSCrypt unnecessary with a VPN (Virtual Private Network)?
_________________________
On a Mac since 1984.
Currently: 27" iMacs, Macbook Air, macOS 10.14.x,; iPhones, iPods and iPads galore!

Top
#37479 - 11/28/15 07:48 AM Re: Wireless Security [Re: Ira L]
joemikeb Offline
Moderator

Registered: 08/04/09
Loc: Fort Worth, Texas
Originally Posted By: Ira L
Is DNSCrypt unnecessary with a VPN (Virtual Private Network)?
DNSCrypt can be used with a VPN. They are complimentary services. DNSCrypt works with all traffic and some (many?) sites block VPN.
_________________________
joemikeb • moderator

Top
#37480 - 11/28/15 07:54 AM Re: Wireless Security [Re: joemikeb]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
Originally Posted By: joemikeb
... But my iOS devices are protected by the setting in the router when they are on my LAN. ...


There is a way to setup your iOS devices using the same, public OpenDNS address settings as on one's Mac and will be in effect when one is on a different WiFi connection than is being provided by one's LAN router.

I also use OpenDNS / DNSCrypt on my Mac, having changed from Google's servers years ago, and I have my iPhone & iPad WiFi connections set to OpenDNS servers having used the following instructions from OS X Daily (albeit their instructions are showing settings for Google DNS servers):

Change iOS DNS Settings
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.14.2, iPhone X & iPadPro 11 WiFi, Watch4

Top
#37481 - 11/28/15 08:50 AM Re: Wireless Security [Re: Ira L]
slolerner Offline


Registered: 08/25/09
Loc: New York City
Originally Posted By: joemikeb
I use DNSCrypt which encrypts all communications with the DNS server on all my Macs and it controls the IP address of the OpenDNS server so that overrides the setting in my router. But my iOS devices are protected by the setting in the router when they are on my LAN.

1) Does DNSCrytp change my IP range? Can I still have a static IP for one of my devises?
2) Does DNSCrypt encrypt my email? One of my older accounts won't set up as SSL and that would be a good thing.
3) Does it not protect iOS devices?

I need an explanation I can understand.
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
#37485 - 11/28/15 09:49 AM Re: Wireless Security [Re: slolerner]
pbGuy Offline


Registered: 08/04/09
Loc: Portland, Oregon
I think I can help explain, but I'm not an expert.

DNSCrypt is a Mac client, residing in System Preferences and facilitating the connection to OpenDNS servers (now, owned by Cisco) for browser web site activity.

Using DNSCrypt (OpenDNS) only facilitates DNS activity on one's Mac.

On your Mac, when using DNSCrypt (OpenDNS), it's not changing your internal IP range.

In your OS X Network pref, there's a DNS Server setting (127.0.0.54) in the Advanced -> DNS -> DNS Servers tabs that points your Mac's Network pref to OpenDNS's public IP servers that are set within your router DNS settings, which have the OpenDNS's public DNS server addresses (208.67.222.222 & 208.67.220.220).

I have my Network pref "Config IPv4" set to "DHCP with manual address" where I've set my Mac's internal IP to a specific, internal IP address that my router reserves solely for my Mac.

For iOS devices, see my previous post where one can set an iOS device, for use outside one's WiFi router, to point towards the OpenDNS servers when in the public realm. When your iOS devices are on your own WiFi network (and you're using OpenDNS), your network router is governing how your iOS devices get DNS addresses for Mobile Safari.

DNSCrypt does not encrypt email.

Here's a link to GitHub, which provides a bit more detail, but is a real geek site and not oriented towards non-experts (myself included)... GitHub's DNSCrypt client
_________________________
MBP15 i7 (2017) - 1TB PCIe-SSD - 10.14.2, iPhone X & iPadPro 11 WiFi, Watch4

Top
#37486 - 11/28/15 11:27 AM Re: Wireless Security [Re: pbGuy]
slolerner Offline


Registered: 08/25/09
Loc: New York City
My IP range is 192.000... and I have a static IP on the range extender connected to the printer otherwise if I reboot the router, I have to find the printer again by having the print server print a page 'telling me' where it is and have to reset the print control panel. (note: if the Internet is slow or not working it doesn't effect my printer right now and I don't want to change that.)

Note: On the link you gave, it appears there is not a DNSCrypt version for OSX 7.5. Is OpenDNS something that will run well without it?

Does DNSCrypt encrypt your browsing history, I mean, is it just for privacy or is it for security, or just to assist openDNS?

And, does using OpenDNS make it difficult for someone who comes over to connect to my network? And am I right that DNSCrypt lives on my computer and OpenDNS lives on the router?


Edited by slolerner (11/28/15 11:29 AM)
_________________________
Mid 2010 MacBook Pro 13"
2.4GHz, 750GB SATA HD, 8 GB RAM, OS 10.7.5
1 HDX1500 2TB Ext.HD, 2 HDX1500 1TB Ext.HD
HP Laserjet 6MP printing postscript via 10/100 Intel print server
Netgear WN2500RP Range Extender (Ira rocks!)
Linksys WRT1900AC Wireless Router
Brother MFC-9340CDW Color Laser
iPad Air

Top
Page 1 of 3 1 2 3 >

Moderator:  alternaut, dianne, MacManiac