Old 05-12-2014, 10:15 PM   #101
Senior Member
 
Nsail's Avatar
 
City: Benicia CA
Country: USA
Join Date: Mar 2012
Posts: 498
You're right, my head is exploding! But, please tell me why my head is exploding!
Nsail is offline   Reply With Quote
Old 05-12-2014, 10:31 PM   #102
Guru
 
Moonstruck's Avatar
 
City: Hailing Port: Charleston, SC
Country: USA
Vessel Name: Moonstruck
Vessel Model: Sabre 42 Hardtop Express
Join Date: Nov 2008
Posts: 7,848
AC wrote, " I was at Ft Pierce myself after their new installation. It was a Friday night with 40 boats online at the same time in the marina (there is remote monitoring that allows the WiFi company to view the load and they told me). I was streaming movies to 3 devices and tested my throughput on another device - 5 mbps still left for me. This was at 8 pm with 40 other users on too."

Jeff, Will has done an excellent job at FPCM. There are 2 systems there. The first is the city's open system that is available in the area around the marina. Then there is the more secure system for the marina only that your log in has to be recognized. My question is just how much more secure would this be?
__________________
Don on Moonstruck
Sabre 42 Hardtop Express & Blackfin 25 CC
When cruising life is simpler, but on a grander scale (author unknown)
http://moonstruckblog.wordpress.com/
Moonstruck is offline   Reply With Quote
Old 05-12-2014, 10:38 PM   #103
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by Moonstruck View Post
The first is the city's open system that is available in the area around the marina. Then there is the more secure system for the marina only that your log in has to be recognized. My question is just how much more secure would this be?
We used our VPN there. I don't like the security they have right now. The town has a public access requirement and we're trying to help them realize that the marina part of it should have a little more security since it's a paid service for marina guests.

Marina Jack and Legacy used good security measures. It involves a WPA password and an access code that you get when you check in. The access code allows access for 1 night, 1 week, 1 month, or 1 year. The code can only be used once. That's one of the techniques of limiting access (and increasing bandwidth for paying customers). The problem with only limiting access by WPA password is that the password gets widely known within 10 minutes of it being set. But WPA is needed to encrypt the traffic between devices on the router so it's needed.
Jeffrey S is offline   Reply With Quote
Old 05-12-2014, 10:41 PM   #104
Guru
 
River Cruiser's Avatar
 
City: UMR MM283
Country: US
Vessel Name: Northern Lights II
Vessel Model: Bayliner 3870
Join Date: Jan 2013
Posts: 1,226
Quote:
Originally Posted by ksanders View Post
I don't want to quote it because it's so long, but very good post AC!

Wifi is just part of the portfolio of services that a marina offers. It will be attractive to some, and not so attractive to others.

For us, the important thing isn't wifi, it's things like the proximity of shopping, and restaurants, etc... The general cleanliness, and even the pet friendliness is also very important.

We don't care about or consider the cost of our boat's networking, and with LTE we can stream a high def movie, so "free wifi" won't bring us in. Same with laundry, and bathrooms. We have those, so they aren't a pull for us.

The wifi problem at our marina would be enough to move if I didn't have AT&T 4G.
__________________
Ron on Northern Lights II
I don't like making plans for the day because the word "premeditated" gets thrown around in the courtroom.
River Cruiser is offline   Reply With Quote
Old 05-13-2014, 01:32 AM   #105
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by ActiveCaptain View Post
The WiFi part of MiFi comes by default with WPA encryption.
You mean Authentication, not encryption. Which I don't say to bust your chops, but because we shouldn't be so casual in the language.

Now for my mea culpa...

I said there was no meaningful difference between WPA and WPA2. That's not true.

"WPA1", if I can append the number, used TKIP for encryption.
WPA2 still offers TKIP for those who want to use it, but mandates the more robust CCMP for encryption.

It was important for me to clarify my earlier statement because it was too casual and left out what really is an important bit.


There's also something I left out...

If anyone is setting up their own Wireless Access Point, if it has WPS or "Wi-Fi Protected Setup", then pay attention to this next bit.

If you activate it via an actual mechanical push-button, it's safe, as long as you protect physical access to the WAP. If it is a purely software based setup then there is a simple repair process that you must follow:

1) Uninstall your WAP and carefully carry it to the stern of your boat.
2) Drop it in the water.
3) Buy a new WAP with a push-button WPS.


Anyway, if you make sure that you use WPA2, choosing CCMP in the drop down menu (not TKIP) and have at least a 10 digit long alpha-numeric password that you keep to yourself, then you're actually pretty secure. Someone would typically have to associate with your WAP before your traffic becomes vulnerable.

Also, as I said, don't bother to hide your SSID. Anyone who knows enough to be a threat also knows how to use things called Beacons and Probe Responses to find you; at which point you've only succeeded in drawing their attention to you.

There IS a trick I like to use where I select an IP and Subnet Mask that limits me to just a few valid IP addresses which I then use up with stuff that never leaves the network. That's not perfect though since a disassociation flood will open up a window of opportunity for a hacker and it takes a bit of knowledge to play games with IP addresses anyway. More than a casual user has I mean.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 01:34 AM   #106
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by Jbear View Post
... so if you implement layer 2 isolation on the wireless are you saying you can still see someone else's traffic?

The short answer is yes. Anyone who tells you differently is lying or doesn't know what they are talking about.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 01:36 AM   #107
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by timjet View Post
... is the connection between my computer and my MiFi unit secure also?


The short answer is yes, but in different ways than a cellular connection or a VPN.

It's not perfect, but it's as good as it needs to be for the use it's being put to.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 01:45 AM   #108
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by Billylll View Post
I'm just saying a MiFi can be seen at quite a distance over water with the proper equipment.

Only a few miles, really. Then Earth Bulge gets in the way.


More importantly, SEEING the traffic and READING the traffic are two different things.

AES is not trivially broken and is mainly vulnerable to brute force attacks, which take a lot of horsepower to break in a useful amount of time.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 01:49 AM   #109
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by ksanders View Post
I cannot speak for Active Captain, but he seems to have some influence with marinas. Perhaps he can help them engineer more security into their systems.

The only thing a marina can do is to go full enterprise class with security by using an authentication server and IPS/IDS.

It's not actually a big deal to do from a technical standpoint but it does get into some money to do it right and nobody is likely to spend the money to do it right just to give it away for free.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 01:52 AM   #110
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by ActiveCaptain View Post
I believe there is a lot of change coming with marina WiFi.

I don't.

Not with convergence already happening now. (802.21)

5 years from now it will be a done deal and there won't be a decent reason to bother with WiFi away from home or office.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
Old 05-13-2014, 06:31 AM   #111
Guru


 
City: Full-time onboard
Country: USA
Vessel Model: Trawler
Join Date: Oct 2007
Posts: 937
Quote:
Originally Posted by MC Escher View Post
You mean Authentication, not encryption. Which I don't say to bust your chops, but because we shouldn't be so casual in the language.
Not to make a major thing about it but I most certainly meant encryption. It's the WPA key for encryption/decryption that provides access.

Ultimately what anyone connecting over WiFi should be concerned about is security. It is WPA encryption that provides that. The WPA password can be displayed on a billboard for everyone to see allowing anyone access. It's the private/public key encryption of WPA that provides the value to the WiFi user. That's the major difference from WEP.

This is all much too technical to worry about or debate.
Jeffrey S is offline   Reply With Quote
Old 05-13-2014, 08:20 AM   #112
Senior Member
 
MC Escher's Avatar
 
City: Central Ohio
Country: USA
Join Date: Sep 2013
Posts: 151
Quote:
Originally Posted by ActiveCaptain View Post
Not to make a major thing about it but I most certainly meant encryption. It's the WPA key for encryption/decryption that provides access.
Except that what I am getting at is that there is more than one thing happening.

There is Association, Authentication & Access; then there is Encryption. It matters because two different Encryption standards exist for WPA2: TKIP & CCMP, and only one of them should be considered secure.

I am making what seems to be a highly technical distinction since the choices are user selectable and people should not accidentally be led to believe that merely selecting WPA is sufficient simply because nobody pointed this out to them. They need to select WPA2/CCMP in the user configuration menu.
__________________
If God didn't want me to walk on the grass, he wouldn't have left it on the ground.
MC Escher is offline   Reply With Quote
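
Added example, not part of any post in this thread: a small check of the settings posts #105 and #112 call out (WPA2 only, CCMP rather than TKIP, a passphrase of at least 10 letters and digits, no PIN or software WPS). It assumes the access point is configured through a hostapd-style key=value file, which the thread does not specify; the sample configs are constructed.

```python
def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return findings for the settings discussed in the thread."""
    c = parse_conf(text)
    findings = []
    wpa = int(c.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0:
        findings.append("no WPA: open network")
    elif wpa & 1:
        findings.append("WPA1 enabled: set wpa=2")
    # hostapd: rsn_pairwise falls back to wpa_pairwise, which defaults to TKIP
    ciphers = c.get("rsn_pairwise", c.get("wpa_pairwise", "TKIP")).split()
    if wpa and "TKIP" in ciphers:
        findings.append("TKIP offered: use CCMP only")
    pw = c.get("wpa_passphrase", "")
    if wpa and (len(pw) < 10 or not any(ch.isdigit() for ch in pw)
                or not any(ch.isalpha() for ch in pw)):
        findings.append("passphrase under 10 chars or not letters+digits")
    if int(c.get("wps_state", "0")) > 0:
        methods = set(c.get("config_methods", "").split())
        # Assumption: only a physical button counts as the safe WPS mode
        if "ap_pin" in c or methods - {"push_button", "physical_push_button"}:
            findings.append("WPS PIN or software method enabled")
    return findings

# Constructed sample configs, not taken from any real access point
WEAK = """wpa=3
wpa_pairwise=TKIP CCMP
wpa_passphrase=marina14
wps_state=2
ap_pin=12345670
"""
HARDENED = """wpa=2
rsn_pairwise=CCMP
wpa_passphrase=k7Tq92mXw4Lp
wps_state=0
"""

for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
    print(name, audit(conf))
```

Selecting WPA2 without naming a cipher is still flagged, because the pairwise cipher then falls back to TKIP.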
Old 05-13-2014, 06:52 PM   #113
Guru
 
City: Tuckerton, NJ
Country: USA
Vessel Name: WIRELESS ONE
Vessel Model: 36 Gulstar MarkII
Join Date: Mar 2011
Posts: 937
Quote:
Originally Posted by ksanders View Post
I don't want to quote it because it's so long, but very good post AC!

Wifi is just part of the portfolio of services that a marina offers. It will be attractive to some, and not so attractive to others.

For us, the important thing isn't wifi, it's things like the proximity of shopping, and restaurants, etc... The general cleanliness, and even the pet friendliness is also very important.

We don't care about or consider the cost of our boat's networking, and with LTE we can stream a high def movie, so "free wifi" won't bring us in. Same with laundry, and bathrooms. We have those, so they aren't a pull for us.

You do realize with HetNet and SON you may no longer be the one choosing how your high speed data is delivered to your devices. Using SIM card authentication, many cellular carriers are offloading to 802.11AC networks and you might not even know that it's happened.
I'm glad the conversation remained civil. I'll shout it again: AC is a fantastic product but it relies on a data connection at some point.
Judicious use of a VPN would be my choice for protecting my boat's network.
Best,
Bill Lentz
__________________

Billylll is offline   Reply With Quote