Old 05-08-2014, 08:15 PM   #21
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,174
Quote:
Originally Posted by Wxx3 View Post
Admittedly, I know little about wifi, but I don't think the above is correct.

I'm paying the money for my verizon data simply because at least in NYC, it is clear that anyone can read pretty much anything over wifi unless you have a vpn setup.

This is discussed all the time on our business channels.
There are two "levels" where the data stream is generally encrypted.

One is the wifi radio connection, and Jeff is correct that only WPA and WPA2 encrypt the whole data stream. WEP just does an access check to let you on or not, but once you are on all data is clear and unencrypted. And of course an open wifi data stream is just that.

But even if someone can listen in on the wifi radio data stream between your computer and the wifi base station, they need to be able to understand that data stream. That brings us to the next level of encryption, which is between your application and the server it is talking to.

Anytime your browser is connected to https://something or other, the entire data stream between your browser and the web server it is talking to is encrypted. Listen all you want, it will just be gibberish. Every bank and ecommerce site uses https at least for checkout, if not for the whole session. So I think that makes those browser sessions secure no matter who is listening in. No WPA wifi required. No VPN required. If you do use a WPA wifi or VPN, you are double encrypting the data stream, once by the browser, and once again to talk over the wifi or VPN channel. But once is enough.

Other applications can do the same. When you set up your email you typically connect to a POP or IMAP server. You can check a box to say you want that communications to be via SSL (Secure Socket Layer) which is the same encryption mechanism used by HTTPS. By the way, the "S" in HTTPS stands for HTTP over SSL. Once you have done that, all your email traffic is encrypted end to end over the internet.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-08-2014, 09:38 PM   #22
Guru
 
healhustler's Avatar
 
City: Longboat Key, FL
Country: USA
Vessel Name: Bucky
Vessel Model: Krogen Manatee 36 North Sea
Join Date: Oct 2009
Posts: 4,178
Can I buy a vowel?
__________________
Larry

"I'd rather be happy than dignified".
healhustler is offline   Reply With Quote
Old 05-08-2014, 10:01 PM   #23
Senior Member
 
Great Laker's Avatar
 
City: Spring Lake, MI
Country: USA
Vessel Name: Great Laker
Vessel Model: American Tug 34
Join Date: Jan 2011
Posts: 320
Quote:
Originally Posted by twistedtree View Post
Anytime your browser is connected to https://something or other, the entire data stream between your browser and the web server it is talking to is encrypted. Listen all you want, it will just be gibberish. Every bank and ecommerce site uses https at least for checkout, if not for the whole session. So I think that makes those browser sessions secure no matter who is listening in.

Twistedtree,

You say the "entire data stream" under https is encrypted. Does that include the login, or just the stream after login? If login is not encrypted someone can steal the login name and password and access your banking data.
__________________
Larry
American Tug 34 - Great Laker, and Gold Looper
Home port on the vast unsalted Lake Michigan
adventuresofgreatlaker.blogspot.com
Great Laker is online now   Reply With Quote
Old 05-08-2014, 11:01 PM   #24
TF Site Team
 
FlyWright's Avatar
 
City: California Delta and SF Bay
Country: Sacramento, CA, USA (boat in Vallejo)
Vessel Name: FlyWright
Vessel Model: Marshall Californian 34 LRC
Join Date: Apr 2008
Posts: 10,162
If I use my Rogue Wifi to pull in an unsecured wifi signal and run that through my onboard WPA-encrypted Cradlepoint wifi router to access the wifi, are my up/downloads vulnerable or am I protected by my router's encryption?
__________________
Al

Custom Google Trawler Forum Search
FlyWright is offline   Reply With Quote
Old 05-08-2014, 11:08 PM   #25
Senior Member
 
City: Nokomis
Country: USA
Join Date: Apr 2013
Posts: 181
Quote:
Originally Posted by Great Laker View Post
You say the "entire data stream" under https is encrypted. Does that include the login, or just the stream after login? If login is not encrypted someone can steal the login name and password and access your banking data.
Login pages for financial institutions of any size are highly likely to be secured. They either use a home page SSL login, or an intermediate redirect (the pause you sometimes experience and can sometimes see taking place in the address bar). The process can often be seen if you know what to look for.

Paypal and others use an HTTPS home page and there are other strategies as well. Yes, it would be possible to connect with a small retailer that does not use best practices, but the general state of the art has advanced tremendously. So has the state of the art for the crooks. If you look for absolute security, you will not find it online any more than offline.

Protect yourself by using different logins and passwords per site and generally using established institutions who cannot afford to defend themselves if they are caught using less than best available security techniques. So far, Target has lost their CEO and its CIO in its recent data breach.
harbor950 is offline   Reply With Quote
Old 05-09-2014, 12:21 AM   #26
Senior Member
 
Jbear's Avatar
 
City: Anacortes
Country: US
Vessel Name: Adelante
Vessel Model: Shin Shing, Eagle 35'
Join Date: Oct 2013
Posts: 127
Just a question, where are you "vpn'ing" to? Doesn't there have to be another end to your VPN? So are you VPN to your ISP? Or to your home network? How do you set that up?

I set up systems for hotels. Many of the guests use VPN back to their companies. The government workers can only connect by hardwire, no wireless. The true guest gateways do layer 2 isolation so that no two devices can see each other, period. If the wifi is set up correctly it also blocks intra bss which means two devices on the wireless can't see each other.

Everything CAN be hacked. It's just that there are so many easier ways to get data that a typical hacker for identity theft is going to go to a store website or something. The biggest problem we have is someone checking in and sending SPAM out or downloading illegal movies.

Hilton, IHG (Holiday Inn), Choice, Marriott, all have the same basic standards. It would seem odd that a marina wifi system wouldn't do the same. I speak daily with Anthony who manages the network for Cap Sante marina in Anacortes and they use a fairly high end system with Radius authentication server against a Mikrotik router. The wireless array was over 300K alone.

Too much techno tonight, gonna drink some wine now.
Jbear is offline   Reply With Quote
Old 05-09-2014, 06:01 AM   #27
Guru
 
timjet's Avatar
 
Join Date: Apr 2009
Posts: 1,905
Can I surf worry free and secure on my Verizon MiFi unit?
__________________
Tim
Tampa Bay
Carver 355 ACMY Twin Cummins Diesels Sold
timjet is offline   Reply With Quote
Old 05-09-2014, 06:22 AM   #28
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,174
Quote:
Originally Posted by Great Laker View Post
Quote:
Originally Posted by twistedtree View Post
Anytime your browser is connected to https://something or other, the entire data stream between your browser and the web server it is talking to is encrypted. Listen all you want, it will just be gibberish. Every bank and ecommerce site uses https at least for checkout, if not for the whole session. So I think that makes those browser sessions secure no matter who is listening in.

Twistedtree,

You say the "entire data stream" under https is encrypted. Does that include the login, or just the stream after login? If login is not encrypted someone can steal the login name and password and access your banking data.
Unless the web programmer is a complete idiot, it includes the login. Just look at the top of your browser screen and you can see when the session is secure as indicated by the https:// (note the "s"). Some browsers now have an icon instead of "https", so you may need to check how yours works.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-09-2014, 06:28 AM   #29
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
Quote:
Originally Posted by ActiveCaptain View Post
It is so incredibly simple to get into much of what you think is secure. POP is rarely SSL based. IMAP is quite secure but no one would try to break through that wall when there are so many easier ones.

Panbo challenged me with something similar a few years ago. So that evening I used free software to dump some basic network packets. It showed an open POP password within 30 seconds of use. The screen shot is still at:
http://www.panbo.com/assets_c/2010/1...egle-3090.html

And Billylll - how would you possibly know how much information was stolen from the marina hotspots that you "run" - which marinas are they (I'd love to check my notes if I've been to one). I'm working with literally hundreds of marinas right now with WiFi. Most are the most unsecure setups I've ever seen. Most of the marina WiFi setups I've seen are created by people who know just enough to be dangerous.

You either need to use cellular or you need to use a VPN. Anything else is just asking to have your identity stolen.
Simple. I work with Comcast security. You don't think we would be asked for MAC and IPs if people using our systems were hacked, really? Not a single LEO request for records. It's Jeff, right? I remember your fear mongering on Panbo well...
Bill
Billylll is offline   Reply With Quote
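An added example, not part of any post in this thread: a small audit of the client side of a mail session, showing when a login is readable on the wire (the open POP password mentioned in the quote above) and when the "SSL" setting described in post #21 hides it. The session lines, user name and password are constructed, and the function and variable names are hypothetical.

```python
import base64
import re

TLS_RECORD = re.compile(r"^\x16\x03[\x00-\x04]")  # TLS handshake record header
POP_USER = re.compile(r"^USER (\S+)", re.I)
POP_PASS = re.compile(r"^PASS .+", re.I)
IMAP_LOGIN = re.compile(r"^\S+ LOGIN (\S+) .+", re.I)
SASL_PLAIN = re.compile(r"^(?:\S+ AUTHENTICATE|AUTH) PLAIN (\S+)", re.I)


def audit_session(client_lines):
    """Return (mechanism, username) for every login sent before TLS starts.

    Passwords are never returned; the finding is that one was readable.
    """
    findings, user = [], None
    for line in client_lines:
        if TLS_RECORD.match(line):
            break  # ciphertext from here on; nothing more is readable
        if m := POP_USER.match(line):
            user = m.group(1)
        elif POP_PASS.match(line):
            findings.append(("pop3-pass", user))
        elif m := IMAP_LOGIN.match(line):
            findings.append(("imap-login", m.group(1).strip('"')))
        elif m := SASL_PLAIN.match(line):
            # Base64 is an encoding, not encryption: authzid NUL user NUL password
            try:
                fields = base64.b64decode(m.group(1)).split(b"\0")
            except ValueError:
                continue  # not valid base64, nothing to report
            if len(fields) == 3:
                findings.append(("sasl-plain", fields[1].decode()))
    return findings


# Constructed client-to-server lines (not taken from a real capture).
TLS_HELLO = "\x16\x03\x01\x02\x00\x01\x00\x01\xfc"
PLAIN_B64 = base64.b64encode(b"\0skipper\0example-pw").decode()
SAMPLE_SESSIONS = {
    "pop3 110, no TLS": ["USER skipper", "PASS example-pw", "STAT", "QUIT"],
    "pop3 110, STLS upgrade": ["CAPA", "STLS", TLS_HELLO],
    # Upgrade requested but the client logged in anyway without TLS.
    "pop3 110, STLS not completed": ["STLS", "USER skipper", "PASS example-pw"],
    "imap 143, LOGIN": ['a1 LOGIN skipper "example-pw"', "a2 LOGOUT"],
    "imap 143, SASL PLAIN": ["a1 AUTHENTICATE PLAIN " + PLAIN_B64],
    "pop3s 995, implicit TLS": [TLS_HELLO],
}

if __name__ == "__main__":
    for name, lines in SAMPLE_SESSIONS.items():
        exposed = audit_session(lines)
        print(f"{name:30} {'EXPOSED ' + str(exposed) if exposed else 'ok'}")
```
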
Old 05-09-2014, 06:28 AM   #30
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,174
Quote:
Originally Posted by FlyWright View Post
If I use my Rogue Wifi to pull in an unsecured wifi signal and run that through my onboard WPA-encrypted Cradlepoint wifi router to access the wifi, are my up/downloads vulnerable or am I protected by my router's encryption?

Good question. The answer is No, you are not protected. WPA encryption scrambles data over wireless connections to that wifi base station only, so in your case the data is encrypted from your laptop to your cradlepoint, but it is then clear and unscrambled from your rogue wifi back to the land wifi station.

It's like nesting Russian dolls. WPA is like encrypting one of the outer dolls. HTTPS or email over SSL is like encrypting one of the inner dolls; even if the outer dolls are readable, the inner one still is not.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-09-2014, 06:32 AM   #31
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
Stick with AC, it's a quality product. Leave the communications over WiFi to the providers. For the record, every cellular platform's been hacked as well; it's what people don't do with hacked passwords.
Stick to a VPN if you're that troubled.
Bill
Billylll is offline   Reply With Quote
Old 05-09-2014, 06:42 AM   #32
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,174
Quote:
Originally Posted by Jbear View Post
Just a question, where are you "vpn'ing" to? Doesn't there have to be another end to your VPN? So are you VPN to your ISP? Or to your home network? How do you set that up?
Another good question. VPN originates from your computer (we'll just take the case of a single user) and ends with a VPN server "somewhere". For a corporate VPN it will end at the corp's network, so you have created an encrypted "tunnel" from your laptop through the public internet all the way to your corp network. Security-wise it's like plugging directly into the corp network, which is why corps typically only allow outside access that way.

If you have subscribed to a VPN service, then the encrypted "tunnel" ends at that company's server, and from there gets relayed across the public internet to its original destination. So only part of the journey is protected, but you are still using the same old internet as the rest of us between the VPN provider's server and the web site (or whatever) you are talking to. As a result, VPN services can provide incremental protection in some cases, but also a false sense of security, so use them wisely. The trouble is, the pros and cons are complicated, and it's much easier to just wrap yourself in the warm sense of security and pay for the service. Nice business model :-)
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote
Old 05-09-2014, 06:50 AM   #33
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by Billylll View Post
Simple. I work with Comcast security. You don't think we would be asked for MAC and IPs if people using our systems were hacked, really? Not a single LEO request for records. It's Jeff, right? I remember your fear mongering on Panbo well...
Bill
Well, there you go - had to go the personal route. Your "fear mongering" accusation were a few thousand boaters who listened to the concerns and protected themselves. I know because we helped set up nice discounts with a few major VPN players.

So give specifics. You work "with" Comcast security. What exactly does that mean? I work with them too. And give a specific list of marinas where your expertise was used. I'd love to see if I have any real involvement with the facility.

A lot of marina WiFi is installed by a friend or brother-in-law who knows a little about networking. I'm being serious. About half the time, it's a local networking company that has never done outside or difficult installations like marinas. Titusville Municipal is a good example (200 slips). They were having terrible problems. So I called the company who installed the system. They typically do dentist's offices and thought they could use their knowledge to implement marina WiFi. Total failure.

I'm now involved with a few brand new installations. Marina Jack in Sarasota is a great example (300 slips). Instead of them now telling boaters to refrain from streaming video, they now invite them to stream but ask that they limit it to only a few devices. Legacy in Ft Myers is another (200 slips). I don't know where the $300K number came from above. None of these installations were 10% of that.

Marina WiFi is difficult and nothing like hotels or anything else that exists. But I'm done with this conversation if name calling about my attempts to help continues. Knock that the #%^* off.
Jeffrey S is offline   Reply With Quote
Old 05-09-2014, 08:20 AM   #34
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
Jeff or others provide a single example where your passwords were compromised and abused while using free provided WiFi.
I'm all ears...
Bill
Billylll is offline   Reply With Quote
Old 05-09-2014, 08:31 AM   #35
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
You can't know where the violation occurs. What I do know is that a large number of boaters with AOL accounts end up group emailing their friends because of a hacked account. It mostly happens with my boating contacts. AOL has terrible security and allows easy hacking.

I'd venture a guess that everyone on this forum has had a credit card account stolen. Prove to me that it didn't happen while buying something over the Internet from your boat.
Jeffrey S is offline   Reply With Quote
Old 05-09-2014, 08:50 AM   #36
Guru
 
kthoennes's Avatar
 
City: Sioux Falls, South Dakota
Country: USA
Vessel Name: Xanadu
Vessel Model: Mainship 37 Motor Yacht
Join Date: Oct 2013
Posts: 857
All this fretting and debate about internet connections and meanwhile we hand our credit cards to hundreds of restaurant workers, cashiers, marina fuel dock kids and dozens of others, and once in a while we still write paper checks that can be easily scanned, "washed" and copied. I only have so much time in life. Have to balance the time I spend against all the risks. We can be hacked and robbed 100 ways every day, how much time are you going to spend becoming a computer networking technician or hassle with all this just to surf the NY Times?
kthoennes is offline   Reply With Quote
Old 05-09-2014, 09:21 AM   #37
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
When my dinghy is tied up to a public dock, I often lock it with a cable and lock. It's not that the defense will stop anyone who really wants my dinghy - one quick swipe with cable cutters and my dinghy is gone. But what it does do, quite effectively, is give the person interested in stealing a dinghy another choice - one that isn't locked and easier to take.

So while I'll help anyone understand how to give themselves simple types of network protection, I'm sort of happy to see others not willing to take part in it and let whatever happens, happen. The fact is, it makes me safer because it gives the would-be hacker easier choices.
Jeffrey S is offline   Reply With Quote
Old 05-09-2014, 09:26 AM   #38
TF Site Team
 
ksanders's Avatar
 
City: SEWARD ALASKA
Country: USA
Vessel Name: LISAS WAY
Vessel Model: BAYLINER 4788
Join Date: Feb 2011
Posts: 3,952
Quote:
Originally Posted by twistedtree View Post
There are two "levels" where the data stream is generally encrypted.

One is the wifi radio connection, and Jeff is correct that only WPA and WPA2 encrypt the whole data stream. WEP just does an access check to let you on or not, but once you are on all data is clear and unencrypted. And of course an open wifi data stream is just that.

But even if someone can listen in on the wifi radio data stream between your computer and the wifi base station, they need to be able to understand that data stream. That brings us to the next level of encryption, which is between your application and the server it is talking to.

Anytime your browser is connected to https://something or other, the entire data stream between your browser and the web server it is talking to is encrypted. Listen all you want, it will just be gibberish. Every bank and ecommerce site uses https at least for checkout, if not for the whole session. So I think that makes those browser sessions secure no matter who is listening in. No WPA wifi required. No VPN required. If you do use a WPA wifi or VPN, you are double encrypting the data stream, once by the browser, and once again to talk over the wifi or VPN channel. But once is enough.

Other applications can do the same. When you set up your email you typically connect to a POP or IMAP server. You can check a box to say you want that communications to be via SSL (Secure Socket Layer) which is the same encryption mechanism used by HTTPS. By the way, the "S" in HTTPS stands for HTTP over SSL. Once you have done that, all your email traffic is encrypted end to end over the internet.
OK, finally a response that is technically correct! Great post!

And folks I am a Cisco certified network engineer

That said I find zero reason to utilize free marina wifi. I have a great cellular data plan, and last week on my boat I measured around 12mbps download speeds from AT&T's LTE system.
__________________
Kevin Sanders
Bayliner 4788
Seward, Alaska
www.mvlisasway.com
ksanders is offline   Reply With Quote
Old 05-09-2014, 09:43 AM   #39
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by ksanders View Post
OK, finally a response that is technically correct! Great post!
I kinda agree with it. There is one major exception. Web developers use much more advanced techniques to communicate between a web page and a server today. JavaScript, jquery, and other Ajax techniques are common in almost all complex websites nowadays. eBoatCards is entirely jquery/Ajax based and uses them all. What that means is that other software is communicating with servers, sending and receiving network traffic, without your knowledge of the mechanisms of encryption visible on the browser URL at the top. It's why a VPN is really the only solution for local protection.
Jeffrey S is offline   Reply With Quote
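An added example, not code from the poster or from any site named in the thread: a check a site owner can run over a page's HTML to list every request the page would send over plain http, including Ajax endpoints in inline scripts that never appear in the address bar. The host names and the sample page are constructed, and the class and function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag attributes that make the browser fetch or submit something by itself.
URL_ATTRS = {"script": "src", "img": "src", "iframe": "src", "form": "action"}
# Absolute or protocol-relative URL literals inside inline scripts.
JS_URL = re.compile(r"""["']((?:https?:)?//[^"'\s]+)["']""")


class RequestCollector(HTMLParser):
    """Collect (source, absolute URL) for everything the page will request."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.in_inline_script = False
        self.requests = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script" and "src" not in attrs:
            self.in_inline_script = True
        attr = URL_ATTRS.get(tag)
        if attr and attrs.get(attr):
            # urljoin resolves relative and //host URLs against the page URL.
            self.requests.append((f"<{tag} {attr}>", urljoin(self.page_url, attrs[attr])))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_inline_script = False

    def handle_data(self, data):
        if self.in_inline_script:
            for m in JS_URL.finditer(data):
                self.requests.append(("inline script", urljoin(self.page_url, m.group(1))))


def cleartext_requests(page_url, html):
    """Return the requests that would leave the browser unencrypted."""
    collector = RequestCollector(page_url)
    collector.feed(html)
    return [(src, url) for src, url in collector.requests
            if urlsplit(url).scheme == "http"]


# Constructed page: an https checkout page with a few http leaks.
SAMPLE_PAGE = """
<html><body>
<script src="https://shop.example/static/jquery.js"></script>
<script src="//cdn.example/widgets.js"></script>
<img src="http://tracker.example/pixel.gif">
<form action="/login" method="post"></form>
<form action="http://shop.example/newsletter" method="post"></form>
<script>
  $.ajax({url: "http://api.shop.example/cart", type: "POST"});
  $.getJSON('/api/profile');
  fetch("https://api.shop.example/orders");
</script>
</body></html>
"""

if __name__ == "__main__":
    for source, url in cleartext_requests("https://shop.example/checkout", SAMPLE_PAGE):
        print(f"{source:15} {url}")
```
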
Old 05-09-2014, 09:58 AM   #40
Guru
 
twistedtree's Avatar
 
City: Gloucester, MA
Country: USA
Join Date: Jan 2013
Posts: 3,174
Quote:
Originally Posted by ksanders View Post
That said I find zero reason to utilize free marina wifi. I have a great cellular data plan, and last week on my boat I measured around 12mbps download speeds from AT&T's LTE system.

I'm increasingly leaning that way too. Nearly all marina wifi services are barely useable, if useable at all. From Jeff's comments it sounds like it's poor network implementation as much as it's actual data congestion. 3g/4g is looking better and better all the time.

So, Marina owners and operators, please take note! Some of us don't rate you based on your bathrooms and laundry facilities. With the exception of ducking from bad weather, the main reason for us to go to a marina is wifi, but more often than not, it doesn't work in any acceptable way, so marinas are looking less and less appealing all the time.
__________________
www.MVTanglewood.com
twistedtree is offline   Reply With Quote