
WPA Dilemma

Discussion in 'Networking' started by surferdude1, Nov 5, 2011.

Thread Status:
Not open for further replies.
  1. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Hi, everybody. Please excuse my lack of knowledge on the subject I am asking about. As far as I know, you are not able to set up WPA encryption on your laptop in a wifi hotspot (unless of course the owner tells you the router's MAC address and passphrase). However, I was wondering what exactly the WPA does. I read that it supposedly encrypts all the so-called "data" that you send out (specifically for web browsing, downloading, etc.), and makes anyone trying to connect to your computer (and therefore your network) need to input the correct passphrase. If this is the case, isn't there some sort of software that could also encrypt your outbound data in the same way on a hotspot, but without actually setting up an encrypted network between your computer and a router (or access point)? I am guessing that if there is, then it would probably only encrypt outbound "data", and not protect you from people trying to access your computer. I have read about VPNs, TOR, etc., but as far as I can understand, these only try to mask your IP/identity. They also say that they "tunnel data," but doesn't all web traffic have to make "hops" anyway? So how would they "tunnel data," unless that company had a physical line running straight from your computer to their server? I welcome any number of responses on this subject, and I would appreciate any help anyone can offer. Thank you very much!
     
  2. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,909
    First Name:
    Terry
    Encryption (WPA, WPA2 or WEP) on a structured Wi-Fi network is defined on the wireless router or wireless access point. The only time you can define on a computer the encryption to be used is with an ad-hoc wireless network (which is just between or among computers and like devices; no router or access point).

    For your purposes you want a VPN. If you use a general one (not one supplied, say, by your employer to connect to work) your data in both directions will be encrypted between your computer and the VPN server. The "tunnel data" and "virtual private" part of VPN mean essentially the same thing. It acts like you have a direct cable between your computer and whatever is at the other end.
     
  3. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Thanks for the quick reply. I am still wondering though, is there any type of software that can encrypt your outbound data (without involving other computers or servers)? If there isn't, then as a middle ground, is TOR better (since it supposedly works between private computers, and not commercial servers, many of which keep traffic patterns on file for long periods of time)?
    I am also wondering, is the encryption that WPA uses like that used in encrypting files saved to your hard drive?
     
  4. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,909
    First Name:
    Terry
    Sure, but nobody would be able to read it.

    Yes. All encryption is encoding information with some key such that the same key is needed to decode it.

    If you are worried about law enforcement discovering illegal activities we are not interested in helping you in any way.
     
  5. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Thanks again, TerryNet. Mainly what I am concerned about is anyone online seeing personal info (identity theft sort of thing). So, what I'm guessing from your answer that no one would be able to read it, is that if I did use such encryption software, then in essence, the only way any other computer user could "read" the data without everyone else seeing it would be for me to physically call the person and tell them the key (because with a VPN or your own router, both your computer and the VPN server or router would know the key, but anyone else not on the network would not (unless you told them it))?

    Also, just out of curiosity what are some programs that do such encryption? Thanks in advance.
     
  6. TerryNet

    TerryNet Moderator

    Joined:
    Mar 23, 2005
    Messages:
    79,909
    First Name:
    Terry
  7. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    Secure connections are established all the time over various websites across the internet. These secure connections are done over SSL (secure sockets layer) communication. All web browsers have this capability. During SSL communication, all data sent down the SSL tunnel is encrypted. How this is done is via an exchange of certificates which are used to encrypt the data. How you know the certificates exchanged are from a trusted source is via the built-in certificate authority listing in your web browser. Various ones like Verisign provide services for certificate generation to companies looking to get certificates from a trusted source. Verisign verifies company information and ensures the company is who they say they are. This is the reason why if you connect up to say a bank institution, you don't get a warning which says the certificate is unrecognized or from an untrusted source. If you ever get this notification from your web browser, you need to really scrutinize the certificate being passed to you.

    TOR (or Onion routing) goes to try to mask your originating source IP by burying it in layers of route masking. It doesn't really provide encrypted data protection.

    VPNs (virtual private networks) go to ensure the end points are trusted sources and are to talk to each other. There are methods like AH (authentication header) which does nothing but ensure end point identity but doesn't encrypt data. IPSEC is widely used to ensure end point identity and encrypts data in transit. IPSEC does this by doing IKE Phase I authentication and then once the identities are established, the tunnel comes up and the data is encrypted via ESP Phase II.

    Technologies like TrueCrypt, which TerryNet mentions, are data encryption software. It is meant to encrypt data saved on your hard disk, thumb drive, etc. The file can then be sent via email or through some other means securely. The receiving end needs to either have a certificate or passphrase/preshared key to unencrypt the data. Another tool that is used similar to this is PGP.
     
  8. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Thank you, zx10guy, for all the great explanations. I'm still a little confused (sorry). From what I'm understanding, the digital certificates you're talking about are purchased from Verisign (or other certificate companies) by companies, such as banks, online retailers, etc., so then an SSL tunnel could only be set up between a private user and one of those companies' web sites, not between a private user and another private user or non-commercial web site. If this is not the case, can you please describe how one would initiate such a connection, or tell me a link that might provide more explanation on the subject?

    Also, I can't seem to find out how to implement IPSec. Is there some sort of separate application, or is it only based on rules you set up in, for instance, Windows Firewall or Internet Explorer? Again, if it is too much to cover here, could you provide me with a link? Thank you again! Please forgive my lack of knowledge.
     
  9. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    What exactly are you trying to do? And when I say exactly, I want you to be very specific.
     
  10. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Sorry if I'm sounding confusing. Basically what I am trying to achieve is a setup that would allow me to do all the things one would do on the internet on their home (WPA encrypted) connection, such as online banking, shopping, posting job applications, general web surfing, etc., on any unencrypted hotspot (Starbucks, hotels, airports, etc.) as securely as if I were using my encrypted home connection, meaning that no unscrupulous people should be able to see my personal information, nor connect to my laptop. I understand what you are saying in that most banks' sites use SSL, but not all shopping sites/private sellers, nor all web sites in general (informational), do so. This is the reason why I am asking if there is a way for me to set up an SSL (or similar) tunnel between my laptop and any web site/computer I connect to. Another reason why I would prefer to set up the tunnel myself, is because I have heard that some VPNs collect personal information, traffic patterns, etc. in order to sell them to vendors (and anyone else they may choose) at a later time. So can IPSec (or any other application) set up an encrypted tunnel between my laptop and any web site/computer every time I connect, or am I just wishing for something that doesn't exist and just need to be content to hope that whatever VPN I use is trustworthy?
     
  11. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    No.

    It doesn't work that way. There's a concept of client server with secure tunnels. Being that you are the client, if the server end is not set up to want to create a secure connection, you're just out of luck.

    Public hot spots....I avoid like the plague and only use them under the circumstances where I don't care if anyone is sniffing my traffic. I invested in a mobile hotspot with 3G service that I take around with me when I want to connect up to the internet.

    The alternative is to run a VPN server on your home network and configure it for hairpinning. But there are some issues with this. Most everyone's home ISP service is asymmetrical which means your upload speeds are only a fraction of what your download speeds are...in addition to the overhead associated with VPN itself. Then there is the other factor....your knowledge of networking. What you're asking is something that is only supported on business class network devices which require a certain level of skills and experience to configure properly....not to mention that the cost would be beyond what most home users would want to pay.
     
  12. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
    Thanks again, zx10guy! So I guess I should only put out sensitive information on a hotspot to web sites that are definitely using SSL (HTTPS), if at all. As for what you said about running a VPN server from home with hairpinning, would I then need something like this:

    http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=872685&CatId=5737
    (because I'm guessing this comes with the software that would enable you to set up the VPN), as well as to subscribe to symmetrical ISP service, and to keep my home computer constantly running (or is there wake-on-LAN or something)?
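
The rule of thumb reached in the post above (on a hotspot, enter sensitive information only on sites that are using HTTPS) can be checked mechanically. The following is an added example, not part of the original thread: it scans a page's HTML for forms with sensitive fields that would be sent in cleartext. The function names, field-name hints and sample pages are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_TYPES = {"password", "email", "tel"}        # assumed input types
SENSITIVE_HINTS = ("card", "cvv", "ssn", "account")   # assumed name hints

class FormScanner(HTMLParser):
    """Collects each <form> with its action and any sensitive-looking inputs."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "sensitive": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = (a.get("name") or "").lower()
            kind = (a.get("type") or "text").lower()
            if kind in SENSITIVE_TYPES or any(h in name for h in SENSITIVE_HINTS):
                self._current["sensitive"].append(name or kind)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def cleartext_forms(page_url, html):
    """Return (submit_url, fields, reason) for forms a sniffer could read or alter."""
    scanner = FormScanner()
    scanner.feed(html)
    page_is_https = urlparse(page_url).scheme == "https"
    findings = []
    for form in scanner.forms:
        if not form["sensitive"]:
            continue  # e.g. a search box: nothing personal in it
        target = urljoin(page_url, form["action"])  # empty action -> page URL
        if urlparse(target).scheme != "https":
            findings.append((target, form["sensitive"], "submits over plain HTTP"))
        elif not page_is_https:
            # An HTTP page can be modified in transit before the form is sent.
            findings.append((target, form["sensitive"], "form page loaded over HTTP"))
    return findings

# Constructed sample pages (not taken from any real site).
SHOP = ('<form action="/search"><input name="q"></form>'
        '<form action="http://pay.shop.example/submit">'
        '<input name="card_number"><input name="cvv"></form>')
LOGIN = '<form action="https://forum.example/session"><input type="password" name="pw"></form>'

if __name__ == "__main__":
    print(cleartext_forms("https://shop.example/checkout", SHOP))
    print(cleartext_forms("http://forum.example/login", LOGIN))
```
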
     
  13. surferdude1

    surferdude1 Thread Starter

    Joined:
    Nov 5, 2011
    Messages:
    7
  14. zx10guy

    zx10guy Trusted Advisor Spam Fighter

    Joined:
    Mar 30, 2008
    Messages:
    6,300
    Yes. The Cisco ASA 5505 can do what I stated. But it doesn't support dynamic DNS services.
     

Short URL to this thread: https://techguy.org/1025602
