Ok, so you don’t have to go that nuts to secure your WiFi but you’ve found something that’s very important to point out. Dollars to Donuts I’m betting you had WPS (WiFi Protected Setup) enabled. What this does is provides a mechanism for machines to join your network either by each end simultaneously pressing a button or by the far end client entering a numeric pin. This reduces the requirement to join your. Network from guessing a complex key or phrase to guessing 6 digits which is far far easier. What you should definitely do is unless you use this feature you should disable it immediately. Mac Filtering is ok but if I have your key I can still listen to your network and glean data. SSId hiding is bogus and counter productive. First, with the same software whether you broadcast your SSID or not makes no difference because I can still pull the hidden SSID information right out of the air. Secondly, when your hiding your SSID you’re not broadcasting your availability and thus your breaking congestion avoidance mechanisms. You should broadcast your SSID as not broadcasting gains 0 security and adds more issues than it’s worth. The Mac filtering is a good idea but the most important is turn off that WPS feature.
> On Apr 9, 2017, at 4:35 PM, Eric Oyen <eric.o...@icloud.com> wrote: > > not a problem. there are other reasons to use a VPN. However, 2 things I do > when using google: > 1. I am not signed in > 2. I always use a VPN when searching. > > Also, of late, I have been having some trust issues with my current ISP. It > seems that they sent me a notice of copyright infringement about a shared > file. only problem, I was not sharing anything. So, I had to do a full blown > security audit of my machines and network. I did, eventually, found where the > issue was (the Lingsys router I have here had a security vulnerability that > couldn't be easily closed. As a result, one of my neighbors was using it to > share files. so, even though I had the thing password protected, it was still > using a number of items that made breaking the password trivially easy with > the right software. I finally managed to get a handle on the situation by > turning off the PIN the device had, turning off SSID broadcast and engaging > MAC filtering. I still can't completely trust the device, so I use a VPN > pretty much all the time now. > > I am looking to upgrade the hardware though. A kit from Routerboard that I > can install an image of OpenBSD on would make things a lot better here. THere > are optional add-ons like WiFi B/G/A/N, a bridged set of LAN ports, an all > weather housing, etc. Once that is done and installed, I can install the VPN > package for OpenBSD on there, set it up to handle that and not worry too > much. Then, if I want to be ultra secure, I would continue to use a VPN > tunnel from my machine, thus doubling the protection. > > Now, as to why I would want to use a VPN for other than just security? It's > simple. there are some programs hosted on the web that might be regionally > restricted (like sports events). So, I would want to be able to listen > legally and not be caught up in a blackout zone. Thus, VPN allows me to place > my end point elsewhere (like NYC, Sanfransisco, Detroit, Dallas, or even a > foreign country). A VPN also gets around what my ISP does when I am viewing > something like Hulu or Netflix (they try to lower the QoS for video streaming > on content that directly competes with their cable programming). With a VPN, > they can't see the type of traffic, so they can't change its priority. They > have yet to start doing so on encrypted tunnels. Besides, I am paying for a > specific level of service and I hate it when the ISP decides that my traffic > needs to be shaped. I don't have video here, so I expect full service. btw, I > have already filed a number of complaints over this issue with both the FCC > and the FTC. each time, my service gets maxed out for a few months and then > they start the games again. > > Now, I am paying for 50 megabit/second service here and when the VPN is > active, I can still get 40 through. Thats not bad, all things considered. > Since I started using the VPN a year ago, the bandwidth shaping games have > pretty much stopped. However, lately, I have been catching RST packets being > sent from 2 hops upstream from me. That causes the VPN to drop and I have to > reconnect. looks like its time to complain again. > > anyway, thats a lot of how and why I use one. > > Is it more secure? yes. > is it absolutely secure? not a chance! A very determined hacker will still be > able to break it, but its enormously more difficult. He'll just simply move > on to an easier target. > > -eric > > On Apr 9, 2017, at 9:55 AM, Jonathan Cohn wrote: > >> Eric, >> >> I just want to correct one thing. The elimination of the ISP can't collect >> traffic rule here in the US essentially does not change anything. Congress >> can not actually shutdown entire rules without Agency changes unless they >> are brand new rules. The privacy rules were I believe supposed to go into >> effect in June, and don't forget even if those rules had gone into effect >> Google would still be collecting and selling your data. In fact, be wary of >> any free or very inexpensive internet based service, software does not just >> get created out of thin air, companies pay good money for developers, and >> disk space costs something too. >> >> In fact one reason, congress did not like the new FCC rules was that they >> only provided a that no equivalent protections of privacy could be leveraged >> by the FCC over search engines, since the FCC only regulates the pipes and >> the FTC would regulate other internet services. >> >> Please forgive any specific inaccuracies in this post, I am going off of >> materials I read in tidbits.com <http://tidbits.com/> and severalpodcasts >> that I listened to over a week ago. >> >> Best wishes, >> >> Jonathan >> >> >> >>> On Apr 9, 2017, at 12:31 PM, Eric Oyen <eric.o...@icloud.com >>> <mailto:eric.o...@icloud.com>> wrote: >>> >>> well, >>> depending on whether you use a free or paid service will make a difference >>> in both service quality and setup. I use a paid service myself. It's $7 a >>> month and is fairly reliable. I have tried some free services, but they are >>> mostly hit and miss and are not always as secure. the service I use is >>> located here: www.privateinternetaccess.com >>> <http://www.privateinternetaccess.com/> and they have both client software >>> or you can setup manually. Unfortunately, their cliente for the mac is not >>> accessible, so I use a manual setup in the preferences pane. It works >>> reasonably well. I have also done the manual setup in windows 7. This has >>> allowed me to be able to have dropbox and a few other services when I am >>> behind a firewall (like over at Voc rehab) THeir IT folks have gotten on my >>> case more than once, until I pointed out to them that their own policy does >>> not forbid the use of a vpn (it does, however, forbid the use of sharing >>> services that are unprotected on their networks). I even had one of them >>> try to break into my machine (at my request) and they found it well nigh >>> impossible. I had the firewall on that win 7 box setup so that only traffic >>> on the VPN was allowed in or out and everything else got dropped. That took >>> a lot of heavy customization on my part to make it work. >>> >>> so, if you want to run a VPN, which these days is pretty much going to be a >>> must now that ISP's aren't required to keep your info private, it is highly >>> recommended.. btw, a lot of the free vpn services are not all that >>> bandwidth friendly. thats why I use the service I do. they can support up >>> to 20 Mbits/sec. for what I do, thats a must have. >>> >>> -eric >>> >>> On Apr 9, 2017, at 9:17 AM, E.T. wrote: >>> >>>> The recent discussion about VPN got me interested but I was not ready to >>>> look into it at the time. >>>> >>>> I know the setup is done in Network prefs but where does one get >>>> information on VPN servers etc.? Thanks. >>>> >>>> From E.T.'s Keyboard. . . >>>> "God for you is where you sweep away all the >>>> mysteries of the world, all the challenges to >>>> our intelligence. You simply turn your mind off >>>> and say God did it." --Carl Sagan >>>> E-mail: ancient.ali...@icloud.com <mailto:ancient.ali...@icloud.com> >>>> >>>> -- >>>> The following information is important for all members of the Mac >>>> Visionaries list. >>>> >>>> If you have any questions or concerns about the running of this list, or >>>> if you feel that a member's post is inappropriate, please contact the >>>> owners or moderators directly rather than posting on the list itself. >>>> >>>> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark >>>> at: macvisionaries+modera...@googlegroups.com >>>> <mailto:macvisionaries+modera...@googlegroups.com> and your owner is Cara >>>> Quinn - you can reach Cara at caraqu...@caraquinn.com >>>> <mailto:caraqu...@caraquinn.com> >>>> >>>> The archives for this list can be searched at: >>>> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >>>> <http://www.mail-archive.com/macvisionaries@googlegroups.com/> >>>> --- You received this message because you are subscribed to the Google >>>> Groups "MacVisionaries" group. >>>> To unsubscribe from this group and stop receiving emails from it, send an >>>> email to macvisionaries+unsubscr...@googlegroups.com >>>> <mailto:macvisionaries+unsubscr...@googlegroups.com>. >>>> To post to this group, send email to macvisionaries@googlegroups.com >>>> <mailto:macvisionaries@googlegroups.com>. >>>> Visit this group at https://groups.google.com/group/macvisionaries >>>> <https://groups.google.com/group/macvisionaries>. >>>> For more options, visit https://groups.google.com/d/optout >>>> <https://groups.google.com/d/optout>. >>> >>> -- >>> The following information is important for all members of the Mac >>> Visionaries list. >>> >>> If you have any questions or concerns about the running of this list, or if >>> you feel that a member's post is inappropriate, please contact the owners >>> or moderators directly rather than posting on the list itself. >>> >>> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: >>> macvisionaries+modera...@googlegroups.com >>> <mailto:macvisionaries+modera...@googlegroups.com> and your owner is Cara >>> Quinn - you can reach Cara at caraqu...@caraquinn.com >>> <mailto:caraqu...@caraquinn.com> >>> >>> The archives for this list can be searched at: >>> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >>> <http://www.mail-archive.com/macvisionaries@googlegroups.com/> >>> --- >>> You received this message because you are subscribed to the Google Groups >>> "MacVisionaries" group. >>> To unsubscribe from this group and stop receiving emails from it, send an >>> email to macvisionaries+unsubscr...@googlegroups.com >>> <mailto:macvisionaries+unsubscr...@googlegroups.com>. >>> To post to this group, send email to macvisionaries@googlegroups.com >>> <mailto:macvisionaries@googlegroups.com>. >>> Visit this group at https://groups.google.com/group/macvisionaries >>> <https://groups.google.com/group/macvisionaries>. >>> For more options, visit https://groups.google.com/d/optout >>> <https://groups.google.com/d/optout>. >> >> >> -- >> The following information is important for all members of the Mac >> Visionaries list. >> >> If you have any questions or concerns about the running of this list, or if >> you feel that a member's post is inappropriate, please contact the owners or >> moderators directly rather than posting on the list itself. >> >> Your Mac Visionaries list moderator is Mark Taylor. You can reach mark >> at:macvisionaries+modera...@googlegroups.com >> <mailto:macvisionaries+modera...@googlegroups.com> and your owner is Cara >> Quinn - you can reach Cara at caraqu...@caraquinn.com >> <mailto:caraqu...@caraquinn.com> >> >> The archives for this list can be searched at: >> http://www.mail-archive.com/macvisionaries@googlegroups.com/ >> <http://www.mail-archive.com/macvisionaries@googlegroups.com/> >> --- >> You received this message because you are subscribed to the Google Groups >> "MacVisionaries" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to macvisionaries+unsubscr...@googlegroups.com >> <mailto:macvisionaries+unsubscr...@googlegroups.com>. >> To post to this group, send email to macvisionaries@googlegroups.com >> <mailto:macvisionaries@googlegroups.com>. >> Visit this group at https://groups.google.com/group/macvisionaries >> <https://groups.google.com/group/macvisionaries>. >> For more options, visit https://groups.google.com/d/optout >> <https://groups.google.com/d/optout>. > > > -- > The following information is important for all members of the Mac Visionaries > list. > > If you have any questions or concerns about the running of this list, or if > you feel that a member's post is inappropriate, please contact the owners or > moderators directly rather than posting on the list itself. > > Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: > macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you > can reach Cara at caraqu...@caraquinn.com > > The archives for this list can be searched at: > http://www.mail-archive.com/macvisionaries@googlegroups.com/ > <http://www.mail-archive.com/macvisionaries@googlegroups.com/> > --- > You received this message because you are subscribed to the Google Groups > "MacVisionaries" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to macvisionaries+unsubscr...@googlegroups.com > <mailto:macvisionaries+unsubscr...@googlegroups.com>. > To post to this group, send email to macvisionaries@googlegroups.com > <mailto:macvisionaries@googlegroups.com>. > Visit this group at https://groups.google.com/group/macvisionaries > <https://groups.google.com/group/macvisionaries>. > For more options, visit https://groups.google.com/d/optout > <https://groups.google.com/d/optout>. -- The following information is important for all members of the Mac Visionaries list. If you have any questions or concerns about the running of this list, or if you feel that a member's post is inappropriate, please contact the owners or moderators directly rather than posting on the list itself. Your Mac Visionaries list moderator is Mark Taylor. You can reach mark at: macvisionaries+modera...@googlegroups.com and your owner is Cara Quinn - you can reach Cara at caraqu...@caraquinn.com The archives for this list can be searched at: http://www.mail-archive.com/macvisionaries@googlegroups.com/ --- You received this message because you are subscribed to the Google Groups "MacVisionaries" group. To unsubscribe from this group and stop receiving emails from it, send an email to macvisionaries+unsubscr...@googlegroups.com. To post to this group, send email to macvisionaries@googlegroups.com. Visit this group at https://groups.google.com/group/macvisionaries. For more options, visit https://groups.google.com/d/optout.
signature.asc
Description: Message signed with OpenPGP
