[NTLK] The Two-Legged NAT — How To Secure WEP For Your Newton
morgant at makkintosshu.com
Wed Mar 28 07:26:51 EDT 2012
On Wed, Mar 28, 2012 at 6:01 AM, Doug McComber <mccomber at fastmail.fm> wrote:
> On Mar 27, 2012, at 10:20 PM, R A Parker wrote:
>> On Thursday, March 22, 2012 at 12:12 pm Aaron Brigati wrote:
>>> Yes, WEP and MAC address filtering
>>> are trivial to crack. However, most
>>> people aren't going to make any
>>> effort _at all_ to crack wifi.
>>> and if you're using old stuff like
>>> a Newton or a Nintendo DS on your
>>> wifi, it's all you can use
>> Surely, you can't be serious?
>> Here's a solution:
>> Download the PDF (in case I slashdot my NPDS Newton)
>> This PDF is the companion to:
> Aaron is correct in that WEP is all you can use to connect your Newton. Your double-nat solution still means the Newton and anything else in WEP are insecure. "most people aren't going to make any errort_at all_ to crack wifi", well that depends where you live I suppose.
> Most routers bought in the last few years will allow you to run two wifi networks simultaneously from the one router. You can configure each wifi network's settings (a,b,g,n WPA, WEP , nothing, etc) separately and choose whether or not the two networks can talk to each other.
Double NAT (or "guest" networks, if supported by your WiFi router) are
a good solution to keeping people who do hack your wifi from doing
much, if any, damage. There are some potential problems with
double-NAT (return translation not mapping correctly in some cases;
many OSes will even warn if they detect they're going through
double-NAT), but I have used it in the past and not run into any
Newtons are inherently insecure, but in such a way that makes them
extremely useful and extensible. If you were able to get a nefarious
package onto a Newton, it could access everything (unless you're one
of the few encrypting Notes with TheFish or one of the alternatives)
and do anything. None of its transmissions to/from the outside world
are encrypted and all can be intercepted: IRDA (well, not without
being completely obvious, considering the extremely short range),
dial-up modem (old-school, but you just have to tap the phone line),
Bluetooth (Bluetooth only requires authentication or encryption and
I'm pretty sure Blunt only uses the former for performance reasons),
and WiFi (WEP is crackable, MAC addresses can be cloned, and ARP
tables can be polluted).
But, even with all the communications options, most people will not be
doing much that contains sensitive data in Newton transmissions. The
best thing you can do, esp. if you live in a well populated area where
bluetooth & WiFi sniffing/cracking is a possibility, it protect the
rest of your devices and try to limit sensitive data that gets passed
around. You're certainly not going to be doing online banking on your
Newton, but if you're checking/sending email via IMAP/POP/SMTP then
the password will be exposed. If you're routing sensitive notes, that
data will be exposed. If you're using telnet, anything you type,
including usernames & passwords, will be exposed.
If you have WiFi you should definitely be using a "guest" network/SSID
or double-NAT if you've got other devices on the network that do have
sensitive data or perform sensitive tasks so that you're limiting
their risk. It doesn't hurt to use 128bit WEP, MAC address filtering,
and a non-standard IP address range w/manual IPs. The latter will stop
lazy neighbors from leeching bandwidth and will be a challenge
(although probably not an overly difficult one) for budding hackers
with an intrusion live CD, but will also be a big disappointment once
they get in and find it a wasteland of devices like Newtons which have
no open ports to probe.
Are there security concerns? Is it certain. Should you take
precautions? Without a doubt. Should you lose sleep over this? My
reply is no.
More information about the NewtonTalk