Is Ethernet input to wirelss router encrypted?

Newb. Ok, this is probably a silly question, but that never stopped
me before. If you turn on WEP or WPA encryption at the wireless
router, that applies only to wireless connections, not to
wired connections - right?

> If you turn on WEP or WPA encryption at the wireless
> router, that applies only to wireless connections, not to
> wired connections - right?

Yep

In article <HwVgh.18756$(E-Mail Removed)>, waybackNO784SPAM44
@yahoo.com (known to some as Peabody) scribed...

> Newb. Ok, this is probably a silly question, but that never stopped
> me before. If you turn on WEP or WPA encryption at the wireless
> router, that applies only to wireless connections, not to
> wired connections - right?

This is a true thing, yes. WEP (not recommended, easily crackable),
WPA (also getting to the point where it's easily crackable), and WPA-2
(now preferred) apply only to the wireless side.

Happy netting.

--
Dr. Anton T. Squeegee, Director, Dutch Surrealist Plumbing Institute
(Known to some as Bruce Lane, KC7GR)
http://www.bluefeathertech.com -- kyrrin a/t bluefeathertech d-o=t calm
"Salvadore Dali's computer has surreal ports..."

On Sat, 16 Dec 2006 10:53:59 -0600, Peabody
<(E-Mail Removed)> wrote:

>Newb. Ok, this is probably a silly question, but that never stopped
>me before. If you turn on WEP or WPA encryption at the wireless
>router, that applies only to wireless connections, not to
>wired connections - right?
>
Correct

In article <(E-Mail Removed)>,
(E-Mail Removed) wrote:

> On Sat, 16 Dec 2006 10:53:59 -0600, Peabody
> <(E-Mail Removed)> wrote:
>
> >Newb. Ok, this is probably a silly question, but that never stopped
> >me before. If you turn on WEP or WPA encryption at the wireless
> >router, that applies only to wireless connections, not to
> >wired connections - right?
> >
> Correct

The next question then is what are the security concerns (if any) of
having a hard=wired ethernet connection to a wireless router ? What
extra concerns do I have.

Kurt Ullman <(E-Mail Removed)> hath wroth:

> The next question then is what are the security concerns (if any) of
>having a hard=wired ethernet connection to a wireless router ? What
>extra concerns do I have.

Wiretap, or rather ethernet tap.
<http://www.netoptics.com/products/product_family.asp?cid=1>
I've uncovered security problems where the wireless bridge is properly
protected from sniffing by encryption, but the ethernet cables going
to/from the bridge are not. I break into the telephone closet in the
office building, install an ethernet tap, and proceed to sniff all the
traffic. Physical security is important if you have something worth
protecting.

Incidentally, there are Layer 2 encryption products. I have some 3com
encrypted ethernet cards (somewhere) that have on board 3DES
encryption.
<http://www.3com.com/products/en_US/detail.jsp?tab=prodspec&sku=3CR990SVR97&pathtype=s upport>


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

In article <(E-Mail Removed)>,
Jeff Liebermann <(E-Mail Removed)> wrote:

> Kurt Ullman <(E-Mail Removed)> hath wroth:
>
> > The next question then is what are the security concerns (if any) of
> >having a hard=wired ethernet connection to a wireless router ? What
> >extra concerns do I have.
>
> Wiretap, or rather ethernet tap.
> <http://www.netoptics.com/products/product_family.asp?cid=1>
> I've uncovered security problems where the wireless bridge is properly
> protected from sniffing by encryption, but the ethernet cables going
> to/from the bridge are not. I break into the telephone closet in the
> office building, install an ethernet tap, and proceed to sniff all the
> traffic. Physical security is important if you have something worth
> protecting.
But this is my house and you would have to break into the cable box,
I guess?


>
> Incidentally, there are Layer 2 encryption products. I have some 3com
> encrypted ethernet cards (somewhere) that have on board 3DES
> encryption.
> <http://www.3com.com/products/en_US/d...3CR990SVR97&pa
> thtype=support>

On Sat, 16 Dec 2006 22:24:14 GMT, in alt.internet.wireless , Kurt
Ullman <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>,
> Jeff Liebermann <(E-Mail Removed)> wrote:
>
>> Wiretap, or rather ethernet tap.
>
> But this is my house and you would have to break into the cable box,
>I guess?

Yes. This isn't a serious concern for home networks, unless some of
your cabling is acessible from public areas such as hallways or
fire-escapes.
>
>> Incidentally, there are Layer 2 encryption products.

Isn't it easier just to set up a VPN?
--
Mark McIntyre

Mark McIntyre <(E-Mail Removed)> hath wroth:

>On Sat, 16 Dec 2006 22:24:14 GMT, in alt.internet.wireless , Kurt
>Ullman <(E-Mail Removed)> wrote:
>
>>In article <(E-Mail Removed)>,
>> Jeff Liebermann <(E-Mail Removed)> wrote:
>>
>>> Wiretap, or rather ethernet tap.
>>
>> But this is my house and you would have to break into the cable box,
>>I guess?

>Yes. This isn't a serious concern for home networks, unless some of
>your cabling is acessible from public areas such as hallways or
>fire-escapes.

Agreed. It really depends on how you run your CAT5 wiring. Most home
users would not notice an extra CAT5 cable leading to the outside of
the house. It would offer little in the way of sniffing opportunities
as the common ethernet switch does not repeat all packets. However,
it would allow access to the home LAN and possibly the client machines
if they were unprotected from local attacks.

The problem I mentioned really has to do with corporate LAN's and
wireless transparent bridges on rooftops. The CAT5 cable between the
rooftop bridge and the corporate ethernet switch is usually
unprotected.

>>> Incidentally, there are Layer 2 encryption products.
>
>Isn't it easier just to set up a VPN?

A VPN from where to where? The rooftop wireless transparent bridge is
just a Layer 2 bridge with no Layer 3 router features. A VPN acts as
a shim between these two layers and would require a router rather than
just a bridge. A VPN will work with all the traffic routed (not
bridged) through the VPN tunnel. That would probably be easier than
encrypting the entire LAN but only solves the wiretap problem for one
segment of the LAN.

Unfortunately, I have no customers with either Layer 2 or Layer 3
encrypted LAN's and have no clue how common these are in the wild. My
guess is that they're very uncommon. For home networks, they're
probably never used. Considering the level of paranoia about wireless
hacking in the trade press, I would have expected more mention of
wired encryption and security, but I guess not.

--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

On Sat, 16 Dec 2006 10:53:59 -0600, Peabody wrote:

> Newb. Ok, this is probably a silly question, but that never stopped
> me before. If you turn on WEP or WPA encryption at the wireless
> router, that applies only to wireless connections, not to
> wired connections - right?

Yes.