Set up simple network and ensure security
-
after changing the router default internal ip, and setting up static ips on both computers and thinking no one could "find" any of these internal ips, i discovered many sites which did indeed reveal my computers ips. i suspect the routers internal ip can be seen also, but so far it didnt show up.
1. is the above typical, apparently the sites use Java/ Java scripts to reveal the internal ip, although when i disabled specific Java settings in the browser, it still revealed the ips (if the browser internet security is set to custom high, instead of default med/high then the ips dont show, but then obviously many other items wont show on the sites)?
2. also does this mean anyones internal ip can be found from anyone elses location using similar such methods/sites?
thanks
-
-
Which sites have you been to that have shown your internal ips?
-
Last edited by balm; 31 Jan 2011 at 07:55.
-
-
The reason it can report your ip address is because you allow javascript to run as a matter of course. The site calls a javascript when you load it that reports the ip address back. If you use firefox, go to "tools", "options" and select the content tab. On the screen de-select the "enable Javascript" check box. Then reload the page again and you will find that it cannot report your internal address.
The fact that they are able does not mean any great danger as long as you keep all your protection up to date and DO NOT go on the internet without your firewall running. Best in my opinion is to run with the router hardware firewall and Comodo software firewall on.
You're definitely getting there Balm!!!
-
The "auditmypc" site is distinct, in that it continues to run the internal ip even with Active Scripting, Scripting of Java Applets, and ActiveX options disabled, i also deleted cookies/history/tmps, and disabled all Activex, Java web add-ons, so i would assume its some other item(s) or combination thereof running....but i understand there is no security risk anyway.
I went thru the customize security settings in the "internet zone" one by one to see which one is causing it, but was unable to determine the cause...
Last edited by balm; 01 Feb 2011 at 12:17.
-
1. i understand it is best to close the wireless internet connection when not in use, what is the best/easiest way to close the wireless connection, for example at the router/modem (combo), at the ethernet desktop, or at the wirelss laptop...?
2. also, can the ethernet cabled leg of the network be used as a "more secure connection" than the wireless leg (to laptop) in terms of web activities. In other words is the ethernet cabled computer web activity broadcast over to or "seen" by the wireless connected laptop, i assume it is?
the reason i ask is i was thinking its safer doing the internet banking on the ethernet computer (even though its SSL)....
Last edited by balm; 01 Feb 2011 at 20:16.
-
-
1. You do not need to close your wireless connection when not in use as long as you use WPA2 security and use a long password consisting of a mix of Upper and Lower case letters, numbers and symbols such as ? or ! as this will provide a virtually uncrackable system unless the hacker has access to a supercomputer and hundreds of years to waste!!. The recommendation is to DEFINITELY use WPA2 security.
2. Again, if you use WPA2, your wireless network will be as secure as your LAN connection. Bear in mind that any activity by you is more likely to attract a problem from malware, trojans etc. Your ethernet cabled computer web activity is not seen by the wireless connection, only the reduction in available bandwidth ie. a slowing down of the connection when the ethernet computer is downloading say a film or music.
Again, as long as you use WPA2 security on your network, it is OK to use your laptop for internet banking as long as you ensure that you are connected to a website using "HTTPS" and NOT "HTTP".
-
thank you sir, you are most helpful,
you seem to think that https is sufficient protection for the average home internet banking user, what concerns me is the issue of banking username & passwords information....
1. so assuming this information is entered right from the banks "https" sign-in page, there is virtually no risk an attacker (assuming he has already "gained access" to your computer) can intercept the password...in other words he cannot see the information being typed in on the https page?
2. if https encryption is so good, could this be implemented on a wireless network instead of WPA2?
3. heres interesting pdf re. ARP attacks, home consumer....albeit there is still the issue of cracking WPA2 and STRONG password!
http://digilander.libero.it/SNHYPER/files/arppoison.pdf
Last edited by balm; 03 Feb 2011 at 11:51.
-
1. If an attacker has already gained access to your computer then you are stuffed and you can no longer trust the computer with any personal details until you regain full control of your computer. You would need to IMMEDIATELY inform your banks, creditcard agencies and any other secure organisations you use, that you suspect/know that your security has been breached and reset all your passwords including your email accounts. On the other hand, if you have not had any security breach, then it is normally OK to use HTTPS sign in pages with confidence. Usually the breaches in bank detail security is achieved by duping the computer driver that they should give details of their login on a false bank login page which can be very realistic looking. You are normally duped into this by an email asking you to confirm your details. This is known as "phishing" and this type of attack is quite common so always beware of any emails supposedly coming from your bank especially thase that ask you to login to confirm your detials.
2. HTTPS is a secure way of passing details over the internet via web pages and all communications between you and the owner of the https address is encrypted so that nobody can eavesdrop on the information. WPA2 is an encryption method for communication between wireless network components such as computer and router. So they are both encryption methods but used for different purposes.
3. To successfully carry out this type of attack requires the attacker to have already breached your security and have access to your network either wired of wireless so make sure you setup WPA2!!
Make sure you keep your firewall software, antivirus and anti-malware programs regularly updated, scan you system once a week (or as soon as you suspect an attack) and you should be fine.
-
thanks wiley, yes i understand the importance of WPA2...
i got on to https when reading up on the extreme measures some forum members are using to do their online banking, including using linux boot disks, security certificates, and password programs....ill have to look more into it...thanks again for your advice.