Are Wi Fi Modem/Routers Secure/Safe?

Discussion in 'hardware' started by hawki, Jun 27, 2015.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    I recently had to move apartments on short notice. My new landlord thinks a typical wired cable installation is messy - he ripped-up the former tenant's wired set-up after he moved out. My new landlord inspects the place every 3 months :-( To keep on the best possible terms with him I installed a wireless modem/router. I do not feel secure with it. Are they safe to use or do they open too many new avenues for a malware injection or data theft?
     
  2. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    If you use WPA2 with AES and set a good password it's perfectly safe from your neighbours or anybody that drives by. Of course there are government tools to modify traffic at the ISP level to serve malware but that's rare and a VPN will prevent it, but said tools should work much the same with cable Ethernet.

    It's probably best to use an open source router firmware like OpenWRT, you'll need to buy your own router instead of using your ISP's though.
     
  3. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    I agree with Krusty. Make sure you use encryption and set a strong password. Note you can also limit the number of devices connected at one time with most routers and you can also use MAC filtering so only devices with that MAC address can connect. Also turn off SSID so you are not announcing your presence. MAC filtering and disabling the SSID won't stop a determined badguy but will stop nosy neighbors.

    That said a determined badguy would have to be targeting you specifically. Not likely unless you really ~ Snipped as per TOS ~ someone off or have something they really really want. Most badguys are opportunists and as soon as they see you have secured your wireless with a strong passphrase, encryption, disabled SSID broadcasting and enabled MAC filtering, they are going to assume you also keep your computer and Windows updated, use a local firewall and a decent and updated security too. They are not going to waste their time and instead move along and go for easy pickings down the street.
     
    Last edited by a moderator: Jun 27, 2015
  4. WildByDesign

    WildByDesign Registered Member

    Joined:
    Sep 24, 2013
    Posts:
    1,628
    Location:
    Toronto, Canada
    Have you considered HomePlug AV2 (ethernet over powerline)?
     
  5. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    This is a possibility but I have seen too many problems when used in older homes and apartment complexes where the wiring is old and may not be up to current code.
     
  6. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I've seen some ugly cable runs. Not only in terms of color (blue, black, and/or mixed color cables standing out against white baseboards and very light carpet, for example) but also in terms of how neat and tight the cable was run. Furthermore, some people make unnecessary holes and/or use fasteners that do some damage to walls and/or trim. I can imagine some landlords preferring to avoid that, especially if they've had to rip up runs that were left behind and repair damage.

    Can you eliminate such concerns? Can you find an aesthetically tolerable way to run the cable, avoid doing damage, and remove it before you leave or the landlord wants to show the place to someone else? What is the landlord's mindset and your relationship? Do you think you can approach him/her without creating undesired friction?
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,265
    Location:
    Nebraska, USA
    Ethernet is still the best solution (at least for fixed networked devices) because it is faster and has fewer security concerns. But Ethernet is not always possible if you don't own the place and/or don't have full access inside walls, ceilings and floors. In my home, when I redid my basement ceiling, I ran CAT5e cables throughout the house through the basement ceiling/upstairs floor joists and installed nice RJ-45 outlets in the walls. A lot of work fishing and pulling cables, but well worth it.

    I say Ethernet has fewer security concerns, but that does not mean your wireless cannot be fully secured. It can if you follow Krusty's advice, use MAC filtering and disable SSID broadcasting.
     
  8. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
  9. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
  10. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Thank you all for your suggestions and advice :)

    As far as I know I do not have AES capability - only WPA2 TSK (which I have read is worthless).

    My apartment is small and I have an oriental rug that covers most of it. I ran the cable under it and very little of it showed. To my mind it looked fine, but you are reading something written by someone who for the past 30 years has used the same large, thick plank of plywood on top of two large oak hi-fi speakers with blown-out woofers as a desk/dining table and has always used those nice white with blue accent, heavy-duty Bankers Boxes/storage boxes as furniture (tables) to hold stereo equipment, etc. :)

    The typical Cox installation is done very neatly around the base board and under broadloom when possible, but I don't want to take any chances with having to move again at the end of 12 months - I have a handicap that makes moving very difficult.

    When he comes for the first "inspection" - former Uber-Level-Naval Officer - "White Gloves" - I'll explain and see what he says. Been renting condo units from private owners for 30+ years and never had an inspection, let alone a quarterly inspection, but the circumstance of my having to move was on short notice - eviction proceeding summons, cuz the owner of the Unit I had been renting for the past 9 years wanted to sell the unit - so I had very little time or choice. (Yes, it's true - some morons don't buy their own home even if they could have afforded to 30 years ago. Complex story.)

    I have spoken with him and he seems like a very nice person. He is required to give 24 hours' notice before he visits, so I guess I could just take up the modem cable for a few hours.
     
  11. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    That would be a deal breaker for me. Not totally worthless, but close enough.
     
  12. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    Uh, is that a typo or are you actually seeing something that says "WPA2 TSK"? I don't know what TSK is.

    WPA2 should support AES, and the non-enterprise version which uses a pre-shared key is sometimes written WPA2-PSK.
     
  13. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    I figured it was a typo also but assumed he meant TKIP. I guess we'll have to wait for him to clarify.
     
  14. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
  15. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Sorry - It's PSK :) my bad. My PC says it's an AES connection and the NETGEAR manual says that by default the modem is set as a WPA2-PSK (TKIP)/WPA2-PSK (AES) connection so as to be compatible with older and new PCs. I got that reading of WPA2-PSK from a Program NETGEAR gives you to set-up the modem/router. It must be outdated or is too dumb a program to spell out the full name of how the modem is set. Just like I'm too dumb to not spell PSK as TSK :)

    So I'll assume it's an AES connection. Hopefully my assumption is correct. [There is a setting in the modem for WPA2-PSK (AES) alone, but given the problems I had getting Cox to accept my modem as in inventory - 2 hours with support and a Cox tech home visit, I'm afraid to mess with it. For some reason, the standard Cox Tech database of serial numbers does not have the NETGEAR C6300 "in inventory" but the Cox tech home tech called his dispatcher who was able to run the serial number through another database "The Retail Database" and it was there. Why Cox has two databases of compatible modems, one of which is not accessible by Cox Tech Support you call on the phone to set up your modem I have no idea.]
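Editor's added example, not part of the post above and not NETGEAR or Cox code: a small parser for the RSN information element (ID 48) that an access point advertises, showing how the default "WPA2-PSK (TKIP)/WPA2-PSK (AES)" mixed mode differs on the air from the AES-only setting. The two byte strings are constructed samples, and the function names are hypothetical.

```python
import struct

OUI = bytes.fromhex("000fac")  # suite-selector OUI defined by IEEE 802.11
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WEAK = {"WEP-40", "WEP-104", "TKIP"}

def _name(sel, names):
    """Map a 4-byte suite selector (OUI + type) to a readable name."""
    if sel[:3] != OUI:
        return "vendor:" + sel.hex()
    return names.get(sel[3], "unknown(%d)" % sel[3])

def _suites(buf, off, names):
    """Read a little-endian 16-bit count, then that many 4-byte selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    found = [_name(buf[i:i + 4], names) for i in range(off, off + 4 * count, 4)]
    return found, off + 4 * count

def parse_rsn(body):
    """Parse an RSN element body (element ID 48, ID and length bytes removed)."""
    if len(body) < 6:
        raise ValueError("RSN element too short")
    (version,) = struct.unpack_from("<H", body, 0)
    if version != 1:
        raise ValueError("unsupported RSN version %d" % version)
    pairwise, off = _suites(body, 6, CIPHERS)
    akm, _ = _suites(body, off, AKMS)
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}

def weak_ciphers(body):
    """Weak ciphers still offered; an empty list means CCMP (AES) only."""
    rsn = parse_rsn(body)
    return sorted(WEAK & set([rsn["group"]] + rsn["pairwise"]))

# Constructed sample elements (not captured from any real device).
MIXED = bytes.fromhex("0100" "000fac02" "0200" "000fac04" "000fac02" "0100" "000fac02" "0000")
AES_ONLY = bytes.fromhex("0100" "000fac04" "0100" "000fac04" "0100" "000fac02" "0000")

if __name__ == "__main__":
    for label, ie in (("mixed TKIP/AES", MIXED), ("AES only", AES_ONLY)):
        print(label, parse_rsn(ie), "weak:", weak_ciphers(ie) or "none")
```

In the mixed sample the client's own pairwise cipher can be CCMP, which is why a PC reports "AES", while the group cipher used for broadcast traffic is still TKIP; the AES-only setting removes TKIP from both fields.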
     
  16. Rolo42

    Rolo42 Registered Member

    Joined:
    Jan 22, 2012
    Posts:
    569
    Location:
    USA
  17. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    4,047
    Location:
    USA
    That's the one you want. :thumb:
     
  18. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    I think there are a number of issues that one might run into when getting a device up and running on a cable network: cable company owned vs customer owned equipment, retail vs non-retail versions of a device, hardware/firmware revisions, approved (tested/accepted) vs non-approved devices, changes to that approved list over time, preferred (frequently assumed/expected) vs non-preferred but still approved equipment, differences in what is/isn't approved by the local affiliate handling your area, disparities in how their CMTS equipment is configured at different locations, varying levels of tech support rep knowledge and/or privileges, some changes requiring escalation and special approval, etc. Your description provides clues as to what might have happened, but it is hard to be sure what did happen and where things stand for you right this minute.

    If, for example, you own the device and it is not currently on the approved list then you might want to be cautious. Mainly about firmware changes including full resets back to an earlier [factory] image. I question if that would even be possible for you to do, especially now that the device is on their network and presumably subject to their firmware updates and settings, so just mentioning it.

    However, you really should be familiar with its configuration, know whether they are applying crucial firmware updates, etc. If you haven't already, you might want to carefully access the device and just read/review things. I'm inclined to think that doing so via web browser would be safer than doing so via a separate program (which may or may not be up to date and/or jibe with the firmware version and/or be compatible with firmware pushed by the cable company).

    I think many settings would have no bearing on whether or not such a device is detected as one being allowed to operate on the cable company's network and your account.

    The best place to discuss details should be the cable company's forums.
     
    Last edited: Jul 1, 2015
  19. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Your post is informative. But to be clear: The NETGEAR C6300 is on Cox's Recommended List on Cox Support's Web Page of Compatible Modems. It is not on their "Preferred List." There do not appear to be any wi-fi modems on the preferred list and the preferred list, unlike the recommended list, does not specify the level of service (speed) the modem supports. Anyways, I have been very satisfied with Cox service and have used it for 15 years. This serial number database issue is clearly a screw-up by someone at Cox. I was lucky the Cox Tech's dispatcher was smart enough to check another database. Still do not feel secure using wi fi modem/router. I was using Kaspersky for a while, but got nervous about the SSL stuff and returned to Emsisoft EMIS 9, but while I was using KIS, it would give a warning about a password or something being sent over an unsecure wi fi device, despite using AES encryption.
     
  20. prius04

    prius04 Registered Member

    Joined:
    Apr 14, 2007
    Posts:
    1,238
    Location:
    USA
    I have the same device (C6300), hawki, but Comcast is my ISP. I have to admit I don't possess anywhere near the level of knowledge as do others on this board, but can tell you that I have the security option set at WPA2-PSK [AES]. I have two desktops connected via ethernet continuously, one sporadically, and a host of devices connected wirelessly.

    I bought this device because I was (a) sick of paying Comcast ~$11/mo (including tax) for a TG862G, which has terrible wireless range and was the only rental gateway they had to offer in my market, and (b) I was tired of constantly calling Comcast to get their "Xfinitywifi" disabled, which gets broadcast by the devices they provide and seemed to appear after firmware updates and, quite often, just randomly. I've been using the C6300 since January and have had zero issues with it. Not sure it will help you much and at the risk of repetition, I have noted a few things below.

    1) Since the device is a wireless router/modem, you will not be able to update the firmware yourself; the cable companies control firmware updates for cable modems and will push out updates after they have been tested and approved (the C6300, being a combo device, is subject to the same firmware update procedures as a standalone cable modem).

    2) The C6300 is relatively new (it has been available for retail purchase for well under a year) and, as a result, some cable companies do not have the device in their database. Despite the fact that I had zero issues activating the device myself and it was on Comcast's approved device list for their highest level of service, Comcast was showing the C6300 as EOL (end-of-life) in their system according to a Comcast rep with whom I spoke. I had to escalate that issue to a higher level tech in order to get their system updated. Sheesh!

    3) The C6300 is a fairly advanced device for a wireless gateway. It is a 16x4 device (i.e., capable of bonding 16 downstream and 4 upstream channels) whereas the vast majority of cable modems in use today are probably 8x4 devices (many are still using modems that have 4 downstream channel bonding). As a result, your C6300 can support download speeds up to 680 Mbps and combines a dual band AC1750 WiFi router (3x3 MIMO) which should give you excellent wireless range and speed.
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    1,954
    Location:
    DC Metro Area
    Thanks for the info prius :)
     
  22. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    That's fine. I was just hoping you can get past "I don't want to mess with it". If one uses WiFi they should tighten up all related settings. If one doesn't use WiFi they should disable the radios. There are other settings in a wireless router that might need tightened up as well. All such devices should be periodically checked. More frequently so if it is a device that is controlled by another party (ISP).
     