[Messerschmitt]

Hey, really would like to know.

I just bought a NAS, and I would like to know if I log-in through Network, would the username and pass my NAS requires for the specific username, be encrypted?

I'm basically using Wireless to connect to my router, hence why I wouldn't want someone with packet sniffer get my NAS user and pass.

Thanks

[nitroshift]

http://windows.micro...ireless-network As long as you set up your network with WPA2 encryption, you don't have to worry about someone else sniffing your key. Do NOT EVER set up the network with WEP encryption, it can be broken in a matter of seconds (done it myself as a test on my own network).



nitroshift

[Messerschmitt]

Yea, my wireless is WPA2 encryption. But was just wondering if user and pass transmission from Win 7 to target via network is encrypted, or if it's plain. Or if it's done via wireless, it uses the WPA2 encryption? I have the WPA2 encryption in my router settings for wireless.

[CharlotteTheHarlot]

Messerschmitt, on 04 February 2013 - 09:39 PM, said:

I'm basically using Wireless to connect to my router, hence why I wouldn't want someone with packet sniffer get my NAS user and pass.

You're obviously talking about encryption in the air, and the answer must be YES because WPA2 would be effectively useless otherwise. I'm pretty sure that all protocols are encrypted so that simply sniffing and reassembling the packets is only the easy part. After that you would need to decrypt and I believe WPA2 is very secure, while the others like WEP are not. But to be absolutely sure just google around for something like "WPA2 passphrase packets" and you should find the answer in glorious detail.

BUT ... The weak link is not what travels through the air. The weak link in the currently secure WPA2 chain is the on the PC itself, because even on Windows 7 the passphrase is of course stored for automatic login ( i.e., so you don't need to type in the passphrase every time you use a Wi-Fi network ). This stored passphrase can easily be pulled out of the computer with any number of utilities ( I'd rather not name any ). So as has always been the case, if someone has physical access to a laptop, that person can be considered to have full access to all passphrases to all Wi-Fi networks currently stored.

It is okay to ponder the over-the-air security, but it is meaningless if someone has a few minutes alone with your laptop or other device when your back is turned.

EDIT: had to change that suggested search term from "WPA2 packet passphrase" to "WPA2 passphrase packets" because as fate would have it, the former case successfully won the Google game resulting in a single hit, and that hit was this very page. Seriously!

This post has been edited by CharlotteTheHarlot: 06 February 2013 - 02:02 AM

[Messerschmitt]

Thanks for the input. Fortunately, nobody has access to my physical machines. But I do live in a complex, so neighbors were on my mind.

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

[nitroshift]

Messerschmitt, on 06 February 2013 - 07:12 PM, said:

[...]
So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

Yes.


nitroshift

[CharlotteTheHarlot]

Messerschmitt, on 06 February 2013 - 07:12 PM, said:

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

Typo? WPA2 with AES cipher is current best practice. The last thing you want tis anything to do with those three letters: WEP.

[Messerschmitt]

nitroshift, on 06 February 2013 - 09:10 PM, said:

Yes.


nitroshift

Thanks

CharlotteTheHarlot, on 06 February 2013 - 09:31 PM, said:

Messerschmitt, on 06 February 2013 - 07:12 PM, said:

So bottom line, since my wireless is WEP2 and the pass for that is pretty strong with lots of mixed characters, plugging in ethernet cable or continue using the wireless shouldn't make much of a difference yes?

Typo? WPA2 with AES cipher is current best practice. The last thing you want tis anything to do with those three letters: WEP.

Yes typo.

I have WPA2 Pre-Shared.

My WRT54GL does not have an AES option for wireless security.

This post has been edited by Messerschmitt: 07 February 2013 - 12:02 PM

[CharlotteTheHarlot]

Messerschmitt, on 07 February 2013 - 11:56 AM, said:

My WRT54GL does not have an AES option for wireless security.

You have this one? I am almost positive that one has WPA2. Check your firmware against the downloads available Linksys site. Also, note that their are several 3rd party firmware that can replace it.

The point being, if you have client devices capable of strong security, you really should get a router to allow that scenario. Fortunately in your case I believe getting a new router is a simple matter of firmware update. If you happen to have an unusual hardware model without upgrade possibilities, you can always just get another router. Anyway, that is off this topic I guess, but always a good rule of thumb: never setup a network using security for the lowest common denominator if it can be avoided.

[Messerschmitt]

Yep, I got the WRT54GL. Actually just ordered today a E1000 too.

I run DD-WRT v23 on my 54GL (quite old I know). Once I get the E1000, I'l keep the 54GL as a backup, and install the latest (and only apparently) DD-WRT firmware on the E1000

And yes, my bad, under WPA Algorithm I do have the AES option (option TKIP or TKIP+AES). Security mode is WPA2 Pre-Shared Key Only (other option WPA2 Pre-Shared Key Mixed, or RADIUS Only/Mixed)

[nitroshift]

I have a TP-Link TL-WR1043ND running DD-WRT. Wireless secured with WPA2 Personal using TKIP+AES. No worries.


nitroshift

[cluberti]

Also, be aware that even if someone were to hack your network (anything's possible), all NTLM auth over SMB is hashed and encrypted (assuming you're not using Kerberos, which is slightly different - most NAS devices use NTLM). It's also not uncrackable, but it is another layer of security. Obviously NTLMv2 with SMB signing is more secure than without, or NTLMv1, but some is better than none.