I have a netgear router which i use to connect my laptops wirelessly. Secure key is enabled and most of the time i disable the broadcast of the accesspoint.
Recently i started sharing our wireless connection to our tenent who normally conenct to the hub using his linux pc. Intent is for him to give access to internet.
My question is: what are security risks in sharing the wireless connection. He is computer savvy network engineer. I wonder sharing the wireless connection would give him access to my laptops in any backdoor manner or can he sniff our data/communication. If so, how do i protect my laptops. I recently seen my laptop behave wierdly (infected pc). I started suspecting if he has anything to do with it. It could have been an internet virus but i am ruling out the possibilities one by one.
All in all i would like to know what precautions i should take in a shared wireless setup and i being the router admin.
If you are on the same wireless connection as him you are on the same network. If your machines do not have good firewall protection there is the possibility of him hacking into them. Even with good protection though, with the right stuff he can certainly sniff data flowing across the wireless connection that he has access to.
This thread has some good information about router sharing / security:
If he's on your network, you aren't "safe". If he's a network engineer, he knows how to sniff packets. The only thing you can do to thwart that is to log into a VPN and send all of your packets encrypted. If you are going to go to that trouble, just kick him off the network or isolate him properly.
On the hacking side, he can't easily access your computer if you have it set up properly. People with the title of Network Engineer have a very wide range of skills and ability levels. Just because he has that title doesn't mean he has the ability to hack into your system, but it definitely gives him a leg up over the average Joe. If you have printer and file sharing disabled, don't have any network shares hanging out there, have a password on the account, have a good firewall running, updated all the security patches, and don't have any weird services running then it will be pretty hard for him to get in. Not impossible, but hard. Then again, with physical access to the machines, network security is the least of your worries.
If he were to hack into the system, the first thing he would do is install a backdoor. Use the Netstat command to check for any unidentified persistant connections. Run the regular tools like Malicious Software Removal Tool, Malware Bytes, Spybot, in addition to your regular AV. If everything comes back clean, you are probably OK.
Do you have $80? Go to Target and get the Belink N Router (Or N+). They feature a 'Guest' access mode which will prevent them from getting on your Net (And they get their own Key).
Tell him to get his own Internet hookup because if he does sokething illegal, it falls on the name of the account holder. He should have the money also
While I haven't personally tested the Belkin router, I would be suspect at best. Having the devices combined in one box greatly increases the odds that you can circumvent the security. I would be extremely shocked if you couldn't arp poison the box and still see all the traffic.
Using three routers in a triangle configuration is always the safest way to set it up.
It has 2 Access Points and 4 Hard Wired Ports. 1 Access Point can access all items on the hard wired ports as well as everyone on that access point. The OTHER access point is a 'Hotel' mode where no one can see anyone else on that point. They are also issued a different subnet than your main access point to prevent someone from spoofing the other side.
If you get the N+ you also get the ability to plug a USB Hard Drive which then becomes a shareable drive on the access point (Main AP only).
guest access: This option allows guest users access to the Internet while keeping them away from your private network. By default, this option is enabled. Guest users should connect to the Belkin N+ Guest network.
security options for guest access:
Hotel Style: Users will be redirected to a hotel-style landing page when they first try to access the Internet. They must correctly enter in the passphrase to log in.
WPA/WPA2-PSK: This option is similar to the security mode for the main router network. Users must correctly enter the PSK in order to join the guest network.
Right, my I know it has 2 wirelss transmitters. My beef is that it only has 1 processor, controlling both devices. Any failover in either device, or the processor, could bring the whole system down.
drodge said: Right, my I know it has 2 wirelss transmitters. My beef is that it only has 1 processor, controlling both devices. Any failover in either device, or the processor, could bring the whole system down.Sorry Drodge, but that doesn't work in a 3 router system either.
If Router 1 Fails (all goes down and the tenant complains) If Router 2 Fails (YOU go down and you swear) If Router 3 Fails (HE goes down and complains)
So that isn't much of an argument. But it DOES meet your security requirement. Unless he gets a hold of your WPA key (Which would fail in any kind of setup), the Belkin prevents him from accessing your network.
Drodge is speaking from a security sense - not an availability sense. That with 1 processors controlling both devices, a security attack that compromises the processor renders the whole network vulnerable
Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.
Members of our community may attach files to a post in accordance with the User Agreement. FatWallet is not responsible for the content, accuracy, completeness or validity of any information contained in any attached file. Files have *not* been scanned for viruses. Be especially wary of Excel files which may contain malicious content.
