
·
Registered
Joined
·
1 Posts
Discussion Starter · #1 ·
Hi All -

Just got a TiVo for Christmas, along with a USB Wireless Adapter. Very much enjoying it so far!

I've searched the forums on issues related to security, but didn't find an answer to the following:

As background:
I have a desktop computer and a wireless router attached to it. Most of the time on the internet at my house is on the desktop, which would use a wired network connection. My work computer has built-in wireless, so occasionally I use it for web surfing when someone else is using the desktop, or when I'm in another part of the house. I originally set up my network using WPA-PSK security, but have downgraded it to WEP to use TiVo wireless.

My main question: Is my exposure to using a weak encryption scheme such as WEP limited only to data that I transmit wirelessly? By that, is there any way that a hacker could have visibility to data on a hard drive, on either my desktop or laptop?

If I'm only exposed on transmitted data, I'm not too concerned. - I'll downgrade the security for now and wait (hope!) for TiVo to implement WPA. This is acceptable to me since my wireless usage is rather light, and WEP should at least deter a casual attempt to intercept my wireless usage. But if my main home computer is somehow exposed, I may reconsider and switch to a wired network connection or a phone connection.

I appreciate any responses - I'm quickly coming up on the return deadline for my wireless adapter.
 

·
Registered
Joined
·
2,144 Posts
If you have any services running on your computers (file sharing, iTunes, Remote Desktop, VNC, etc) then any hacker can get into those. With a broken WEP it's like having a port to your router on the pole outside your house that anyone can tap into.

WEP key can be broken in minutes, but it is likely only to happen by bored teenagers next door and people out to get YOU specifically.
 

·
Registered
Joined
·
7,069 Posts
ADent said:
If you have any services running on your computers (file sharing, iTunes, Remote Desktop, VNC, etc) then any hacker can get into those. With a broken WEP it's like having a port to your router on the pole outside your house that anyone can tap into.

WEP key can be broken in minutes, but it is likely only to happen by bored teenagers next door and people out to get YOU specifically.
A hacker can't get into iTunes. There is an option to share your music on your LAN. But even if a 'hacker' got access to your network, what are they going to do? Listen to your iTunes music? Wow, that would be scary. If you don't have any security around VNC or remote desktop, then that is your own problem. Frankly, each machine connected to the LAN should be secure as well, no matter what encryption you are using on your router.
 

·
Dumb Blond
Joined
·
45,249 Posts
Well, there's lots they could do to cause mischief. Send spam and viruses, perhaps read your files, etc.
 

·
Registered
Joined
·
7,069 Posts
stevel said:
Well, there's lots they could do to cause mischief. Send spam and viruses, perhaps read your files, etc.
Perhaps read your files? If you are concerned with security they won't have that access. Sure they can send spam, but if you set your router up correctly, you can even make that difficult. But if you want security, you can easily run your own VPN server. That is the only real protection you will have from sniffing anyway.
 

·
Registered
Joined
·
7 Posts
I am not sure why everyone is worried about WPA support. If you have a modern wireless access point you can use MAC filtering and block unknown devices from connecting to your access point.

This way it does not really matter and if you are running even the basic Windows XP firewall and have your machine configured properly, the security risk is very low even if someone somehow connected to your network.

Like anyone is going to waste their time trying to hack your network when there are so many corporate wireless networks that are not secure and just turning on your Windows computer is probably more dangerous than the threat from not having WPA.

Even if someone could sniff your traffic and connect, all of your sensitive data should be encrypted anyway. If you are banking you are using SSL, if you are transferring files you should be using SFTP and so on. So someone sees that you are downloading Dukes of Hazzard from your Tivo to your desktop because the link is not protected by WEP or WPA, who cares. It is not like you are transferring and storing your tax returns on your Tivo (not yet anyway!)
 

·
Registered
Joined
·
519 Posts
hksimpson said:
I am not sure why everyone is worried about WPA support. If you have a modern wireless access point you can use MAC filtering and block unknown devices from connecting to your access point.

This way it does not really matter and if you are running even the basic Windows XP firewall and have your machine configured properly, the security risk is very low even if someone somehow connected to your network.

Like anyone is going to waste their time trying to hack your network when there are so many corporate wireless networks that are not secure and just turning on your Windows computer is probably more dangerous than the threat from not having WPA.

Even if someone could sniff your traffic and connect, all of your sensitive data should be encrypted anyway. If you are banking you are using SSL, if you are transferring files you should be using SFTP and so on. So someone sees that you are downloading Dukes of Hazzard from your Tivo to your desktop because the link is not protected by WEP or WPA, who cares. It is not like you are transferring and storing your tax returns on your Tivo (not yet anyway!)
Ouch, you need to do some research quickly!

MAC address filtering - sounds good in theory, but in practice is easy to bypass - just listen in to see what MAC addresses are being used, and then set yours to one of them. Security bypassed. It is still worth doing, but just don't rely on it.

Once an intruder is on your network, they're inside your firewall, and then may be able to get access to any shared services such as file shares - where they may be able to find 'interesting' documents.
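
Added example, not part of the thread: a small Python check a home user could run to see which of the services named in these posts (file sharing, Remote Desktop, VNC, iTunes sharing) are listening on an address reachable from the LAN, which is what matters once someone is past the wireless layer. The function names, the default port numbers chosen for each service, and the sample `netstat -an` text are assumptions constructed for illustration.

```python
import ipaddress

# Default TCP ports of the services named in the thread (assumed defaults).
WATCHED = {
    139: "Windows file sharing (NetBIOS session)",
    445: "Windows file sharing (SMB)",
    3389: "Remote Desktop",
    3689: "iTunes music sharing (DAAP)",
    5900: "VNC",
}

# Constructed sample of Windows `netstat -an` output; not from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5900         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      192.168.1.1:80         ESTABLISHED
  TCP    [::]:3689              [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
"""

def split_endpoint(endpoint):
    """Split '1.2.3.4:445' or '[::]:445' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def lan_reachable_listeners(netstat_text):
    """Return sorted (port, service, bind address) for watched, non-loopback TCP listeners."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP, and established connections are not listeners
        try:
            addr, port = split_endpoint(fields[1])
        except ValueError:
            continue  # unparseable address; skip rather than guess
        if port in WATCHED and not addr.is_loopback:
            findings.append((port, WATCHED[port], str(addr)))
    return sorted(findings)

if __name__ == "__main__":
    for port, service, addr in lan_reachable_listeners(SAMPLE_NETSTAT):
        print(f"{service}: TCP {port} listening on {addr}")
```

A listener bound to 127.0.0.1 (VNC in the sample) is not reported, because it cannot be reached from another machine on the network; anything bound to 0.0.0.0, `::` or the LAN address is.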
 

·
Registered
Joined
·
7 Posts
john123 said:
Ouch, you need to do some research quickly!

MAC address filtering - sounds good in theory, but in practice is easy to bypass - just listen in to see what MAC addresses are being used, and then set yours to one of them. Security bypassed. It is still worth doing, but just don't rely on it.

Once an intruder is on your network, they're inside your firewall, and then may be able to get access to any shared services such as file shares - where they may be able to find 'interesting' documents.
That is why you don't rely on one level of security and harden your computer too. That would include a software firewall and more.

Also, normally when a device that has MAC filtering enabled does not recognize the MAC of a device that might be running say a packet sniffer, it should deny any access to that device and network traffic, so I don't know how one would look for a MAC to clone, though I have heard that a determined hacker might be able to do it. Again, turning off SSID broadcast makes you a less likely target too.

This all boils down to ease of access and the gain from hacking a home network. On my street there are at least 10 wireless networks that are completely open with no WEP and they are broadcasting their SSID. They are easy targets and mine is not. Especially since even if someone gained physical access to the wired portion of my home network, they would need to hack my software firewall and my machine is protected in other ways too.

You could go one step further and limit the access that a device with a particular MAC has, so that even if they cloned the MAC of a device already on your network and had access, you can limit their access to particular services and ports. This kind of advanced filtering is available in Linksys products.
 

·
Registered
Joined
·
519 Posts
hksimpson said:
That is why you don't rely on one level of security and harden your computer too. That would include a software firewall and more.

Also, normally when a device that has MAC filtering enabled does not recognize the MAC of a device that might be running say a packet sniffer, it should deny any access to that device and network traffic, so I don't know how one would look for a MAC to clone, though I have heard that a determined hacker might be able to do it. Again, turning off SSID broadcast makes you a less likely target too.
A quick Google search confirms my understanding: http://www.kismetwireless.net/ -

Kismet identifies networks by passively collecting packets and detecting standard named networks, detecting (and given time, decloaking) hidden networks, and inferring the presence of nonbeaconing networks via data traffic.

So, they just need to listen in (i.e. no connection to network required) to enough traffic to figure out the WEP key, at which point they can view all traffic over the wireless network - MACs and all. They then just need to clone the MAC, and connect away. Turning off the SSID makes no difference - maybe just slows them down slightly.

This all boils down to ease of access and the gain from hacking a home network. On my street there are at least 10 wireless networks that are completely open with no WEP and they are broadcasting their SSID. They are easy targets and mine is not. Especially since even if someone gained physical access to the wired portion of my home network, they would need to hack my software firewall and my machine is protected in other ways too.
Yep, I have WEP set, MAC filtering, don't broadcast my SSID, software firewalls, but I'm still not happy having to avoid using better security for the network simply because my TiVos don't yet support it. I felt this way over a year ago, and the situation still hasn't changed. It seems everyone except TiVo knows how bad WEP is.
 

·
Banned
Joined
·
3,959 Posts
Don't worry about MAC. Buy a Mac.
 