As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/

Quick question: Cable vs. WiFi Secrurity

Alfred J. KwakAlfred J. Kwak Registered User
edited July 2010 in Help / Advice Forum
Hey there, I had a argument with a friend about whether or not WiFi connections are more secure than cable connections. He especially pointed out that's easier to track people with cable connections . I consider us both novices at best in this area, so some outside help is due to solve this silly situation.

Alfred J. Kwak on

Posts

  • bowenbowen How you doin'? Registered User regular
    edited June 2010
    It is much easier to packet snoop on a wired connection. However, the infrastructure pretty much limits it to people who can hardwire into the network. So, security wise? It's "do I trust you enough to put you on my network?"

    WiFi has the ability encrypt data being transmitted, however, anyone can monitor it with the right equipment.

    Regardless of encryption of traffic, hardwire networks will always be more secure.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SipexSipex Registered User
    edited June 2010
    Through a router? I'm probably wrong but I thought if you have a WiFi computer and a Wired computer in a router they're both equally easy to track because their security is dependant on the router.

    Wireless connections, however, remain forever more vulnerable to outside scamps trying to steal your WiFi.

    Sipex on
    Horseshoe wrote:
    I've got good news and bad news about 6th level, That Guy. The good news is that Forbiddance spell allows you to prevent enemies different alignment from entering a consecrated area, which is actually useful! The bad news is that the only other new sixth level spell makes lunch for everybody. Guess which one the party is going to expect you to cast.
  • EggyToastEggyToast Registered User regular
    edited June 2010
    How does the wifi connection eventually access the Internet? It hits a wire at some point, which renders much of the argument moot -- starting with the same security and then adding another access layer on top of it is inherently less secure. A wired connection by itself is vulnerable only to hardware access. A wired connection with wifi access enabled means that you only need wifi in order to attempt to access the hardware.

    EggyToast on
    || Flickr — || PSN: EggyToast
  • Alfred J. KwakAlfred J. Kwak Registered User
    edited June 2010
    So this means cable connection security > wireless connection security as it is hard for outsiders to come by your data.

    Alfred J. Kwak on
  • bowenbowen How you doin'? Registered User regular
    edited June 2010
    Yes, if you have the choice between wire and wireless, go with the wired option.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • SipexSipex Registered User
    edited June 2010
    Yes, especially if you're in a college housing area/building. No one will hack you more 'just because' than a college student who's just learning the trade.

    Bastards locked me out of a router, idiots.

    Sipex on
    Horseshoe wrote:
    I've got good news and bad news about 6th level, That Guy. The good news is that Forbiddance spell allows you to prevent enemies different alignment from entering a consecrated area, which is actually useful! The bad news is that the only other new sixth level spell makes lunch for everybody. Guess which one the party is going to expect you to cast.
  • bowenbowen How you doin'? Registered User regular
    edited June 2010
    lol sipex

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • RuckusRuckus Registered User regular
    edited June 2010
    Wired is more secure. As a Network Support Technician I would never willingly allow the installation of a Wireless Access Point or even WiFi Router with WiFi disabled on any of the networks I professionally admin.

    Though on my personal and extended family I configure wireless with WPA2 encryption. There's no such thing as a 100% secure network, but the existing security options are enough to dissuade most unauthorized access attempts.

    Ruckus on
    Raneados wrote: »
    so what SPECIFICALLY is the problem with my hole?
  • TomantaTomanta Registered User regular
    edited June 2010
    Play this experiment. Get two other people. Write something on a piece of paper and label it 'wired'. Hand that to person #2, then ask person #3 what it says.

    Then shout something at person #2 and ask person #3 what you said.

    EDIT: "easier to track" doesn't make any sense. ANY connection can be tracked. Something connected with WiFi is connected to a wired connection somewhere. And everything has an IP address and, more specifically, a unique MAC address. So unless they are looking for some very narrow definition of "security", wired is almost always going to win.

    Tomanta on
  • TavataarTavataar Registered User regular
    edited June 2010
    Tomanta wrote: »
    Play this experiment. Get two other people. Write something on a piece of paper and label it 'wired'. Hand that to person #2, then ask person #3 what it says.

    Then shout something at person #2 and ask person #3 what you said.

    Um your analogy is assuming the wireless network is unencrypted.

    It is more like taking 2 other people, one of which speaks French, and one that doesn't. Now yell something in French to the second person. The third person heard what you said, but needs to spend the time to go look it up in order to figure out what it means.

    While people will be able to see all of your packets, they will not be able to know what is in them unless they have the proper software to decrypt your wireless. That being said, it is not really difficult for someone to be able to do that if they are willing to put the time into it.

    Is the OP asking about someone hacking into their network from the internet? Or from inside their network? If it is from the internet, then it is a moot point, like EggyToast said, since the security at the outside connection is the only barrier they need to get through.

    Tavataar on
    -Tavataar
  • TomantaTomanta Registered User regular
    edited June 2010
    Tavataar wrote: »
    Tomanta wrote: »
    Play this experiment. Get two other people. Write something on a piece of paper and label it 'wired'. Hand that to person #2, then ask person #3 what it says.

    Then shout something at person #2 and ask person #3 what you said.

    Um your analogy is assuming the wireless network is unencrypted.

    My analogy is perfect, not assuming anything. You pointed out that they could say something person #3 doesn't understand (encryption) but they are still picking up what you said even if they don't understand it. No different than encrypting stuff on a wired connection, really.

    In this analogy WEP is pig latin.

    Tomanta on
  • TavataarTavataar Registered User regular
    edited June 2010
    Tomanta wrote: »
    My analogy is perfect, not assuming anything. You pointed out that they could say something person #3 doesn't understand (encryption) but they are still picking up what you said even if they don't understand it. No different than encrypting stuff on a wired connection, really.

    In this analogy WEP is pig latin.

    Ok, I see what you are saying. But isn't the whole point whether or not the third person can make any sense out of the data? Who cares if they can hear you if they do not know what it means?

    Tavataar on
    -Tavataar
  • TomantaTomanta Registered User regular
    edited June 2010
    Tavataar wrote: »
    Tomanta wrote: »
    My analogy is perfect, not assuming anything. You pointed out that they could say something person #3 doesn't understand (encryption) but they are still picking up what you said even if they don't understand it. No different than encrypting stuff on a wired connection, really.

    In this analogy WEP is pig latin.

    Ok, I see what you are saying. But isn't the whole point whether or not the third person can make any sense out of the data? Who cares if they can hear you if they do not know what it means?

    I think that's the problem this entire thread has, we don't really know what the OP means by "security".

    But keep in mind that wired connections can be encrypted as well, so by that measure there is really no difference.

    Tomanta on
  • bowenbowen How you doin'? Registered User regular
    edited June 2010
    It's not so much that they can make sense out of the data, it's the point that they can now intercept data without any access to the equipment or infrastructure like you would wired. If your wired connection used WPA internally, it'd be even more secured than a standard wired connection.

    But the reason it doesn't have security like that by default is because there's practically no reason to.

    The fact that he yelled it in French and you heard it, gives way more of a security hole. Once he finds out you're speaking french, he can start speaking to you two as well, or use the secret information in a bad way.

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • darkgruedarkgrue Registered User regular
    edited July 2010
    Tomanta wrote: »
    EDIT: "easier to track" doesn't make any sense. ANY connection can be tracked. Something connected with WiFi is connected to a wired connection somewhere. And everything has an IP address and, more specifically, a unique MAC address. So unless they are looking for some very narrow definition of "security", wired is almost always going to win.

    Exactly.

    By definition, any Internet connection has to be addressible. The mailbox metaphor (as opposed to any gooseyness about dump trucks and tubes), is still a pretty good one. When you send a letter in the postal mail, you have to put your address on or in the letter if you want a reply. Your mailbox has to be in a known location if you want the postal worker to deliver it.

    While network addresses are much more fluid and ephemeral than house numbers and street addresses, they're still fixed and known for at least the duration of the connection. Any IP address can be tracked to some level of fidelity - the large IP blocks have published assignments. Regional blocks can be tracked by more granular databases (MaxMind has their relatively popular GeoIP product for doing exactly this). Of course, once it gets down to the individual ISP, finding out which IP address was assigned to which subscriber account at any particular time would require cooperation with that ISP - correlating their use account database with their network logs and DHCP lease server records. Generally, you'd better come with a warrant if you want that.

    The ridiculous "network traces" you see on TV shows where a line traces itself across a map - that doesn't really happen in real life. Or rather, it happens ALL THE TIME in real life, just minus the CSI or NCIS cyber-geek watching it happen in real-time - your Internet connection is as a matter of course routed all over the place. It might not be the same path every day. It might even take a different route outbound than it does returning to you. And that route may differ yet again depending on where your connecting to is (your route to Google might differ greatly than the one you take to the PA forums). Accurately geo-locating each hop is the fantasy. And few places have the infrastructure or the automation to give a "OMG it's coming from inside the house!" accuracy. You usually have to correlate a lot of data in a lot of different places, and completely tracing it is seldom automated.

    With a wireless connection, you could identify an signal and triangulate it with the right equipment, something you can't do with a wired connection (at least, not without direct knowledge of the network configuration and the details of the wiring plant).

    I suppose if you used only Starbucks' open wifi access points, and moved around frequently. But then the AP could log your MAC address, and that could be linked uniquely to your device (it's *supposed* to be a unique identifier, it isn't always). It can be changed if you root the device, I suppose. You can also never sleep in the same place twice...

    What's the risk you and you friend are concerned about in terms of being located? It's somewhat a prerequisite of using a network at all.
    bowen wrote: »
    It's not so much that they can make sense out of the data, it's the point that they can now intercept data without any access to the equipment or infrastructure like you would wired. If your wired connection used WPA internally, it'd be even more secured than a standard wired connection.

    Bowen really brings up a really well-stated point. Wireless lowers the bar for the attacker in terms of effort. Most wireless cracking can be done offline and passively (read undetectable).

    It's important to realize that the state of the art in terms of encryption cracking has been accelerating faster than most consumers realize. I'm sure most forumers realize that no WiFi encryption at all is asking for trouble and unauthorized connections on their access point. WEP is badly flawed, and can easily be cracked with open-source tools in seconds.

    WPA is good - but it's no longer any assurance of privacy or security either. With the right tools and circumstances, even that can be cracked. Exploiting implementation flaws that have been discovered over time, it's quite feasible for the at-home cracker to break WPA pre-shared keys (PSK, which is what most of us home users would choose, since I don't think most of us run RADIUS servers). It's not trivial, but it's doable for the at-home cracker to break dictionary passwords. If you've sprung some multiple of $10K, you can use rainbow tables to crack even relatively strong passwords.

    tldr; wireless has conveniences and some security, wired is relatively more secure.

    darkgrue on
  • Captain VashCaptain Vash Registered User regular
    edited July 2010
    The ridiculous "network traces" you see on TV shows where a line traces itself across a map - that doesn't really happen in real life. Or rather, it happens ALL THE TIME in real life, just minus the CSI or NCIS cyber-geek watching it happen in real-time

    I had a program that did literally exactly this 10 years ago.

    I could find it again if I had to.

    Captain Vash on
    twitterforweb.Stuckens.1,1,500,f4f4f4,0,c4c4c4,000000.png
  • MugaazMugaaz Registered User regular
    edited July 2010
    Wired connection + Encrypted VPN = As good as you ever need for personal use. Maybe some proxy servers, maybe.

    Mugaaz on
  • darkgruedarkgrue Registered User regular
    edited July 2010
    The ridiculous "network traces" you see on TV shows where a line traces itself across a map - that doesn't really happen in real life. Or rather, it happens ALL THE TIME in real life, just minus the CSI or NCIS cyber-geek watching it happen in real-time

    I had a program that did literally exactly this 10 years ago.

    I could find it again if I had to.

    I can name several. NMAP's got a pretty cool network mapping tool nowadays. It can get confused though.

    I already stated it could be done. Like I said, the absolute accuracy that the TV shows and movies portray is the fiction.

    Also, it's not possible to look at a packet and tell where it's been. You can tell where it claims to be from, and where it's going, and the last place it claims to have come from. Where it went along the way isn't stored. While it can be inferred to some degree, the only accurate way would to correlate that packet with records (if they exist at all) at each hop (or at least most).

    darkgrue on
Sign In or Register to comment.