Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


Pages in this thread: 1 | 2 | (show all)   Print Thread
Standard User d_nick
(newbie) Tue 10-Sep-13 17:20:48
Print Post

(Non-BT) Fon WAP security


[link to this post]
 
Even if you aren't a BT Broadband customer, you can, apparently, get access to Fon hotspots by buying a Fon WAP to provide a public hotspot via your own Internet connection.

The Fon blurb says
The Fonera routers use your existing connection and send out a public and private wireless signal. It is the public signal that makes your Fonera a Fon Spot. You will use the public signal of other Foneras to connect when you are travelling. The private signal is strictly for you, your family, and friends that live in your residence since it is encrypted.

But how does the security on that work? What stops people connecting over the "public signal" from being access your LAN once they have a connection, via the Fon WAP, to your router?
Standard User BatBoy
(legend) Tue 10-Sep-13 18:07:39
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
The connection is in a VPN tunnel with no access to your network.


__________________________________________________________________________a bit harsh and a tad childish__________________
Standard User d_nick
(newbie) Tue 10-Sep-13 18:33:20
Print Post

Re: (Non-BT) Fon WAP security


[re: BatBoy] [link to this post]
 
Ta. I don't understand enough about VPN works to know how that makes it safe. I guess I have to either just trust that that's OK, or not turn on the Fon (or, turn it on but remove aerial).

Do you also understand how MAC filtering for WiFi connections works with the Fon devices? I currently have a separate WAP, and enter into the the router's whitelist the MAC addresses of everything I want to allow to connect via the WAP.
My naive view is that with the Fon either I need to turn off my router's MAC filtering of WLAN clients, or no-one can connect. Fon say not, but can't explain why to me - does the Fon WAP get around MAC filtering by pretending all the clients are wired?


Register (or login) on our website and you will not see this ad.

Standard User Stevenage_Neil
(member) Tue 10-Sep-13 18:41:07
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
In reply to a post by d_nick:
But how does the security on that work? What stops people connecting over the "public signal" from being access your LAN once they have a connection, via the Fon WAP, to your router?


The same way way a BT Hub does.
Standard User BatBoy
(legend) Tue 10-Sep-13 18:46:10
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
The Fon connection does not touch your network. It's an entry point to the Fon network not yours. It's a completely separate network.


__________________________________________________________________________a bit harsh and a tad childish__________________
Standard User d_nick
(newbie) Wed 11-Sep-13 09:09:11
Print Post

Re: (Non-BT) Fon WAP security


[re: BatBoy] [link to this post]
 
Thanks. Hmm, again, I think smile
In a simplistic way, it clearly does "touch" my network, in that the Fon device is plugged in to my my router. What is it that stops people connected to it from seeing the rest of my LAN?
Do I just have to accept that there is a VPN, and that magically that VPN (a) gets around the MAC address filtering on my router and (b) stops anyone connected to the Fon device from doing anything on my LAN. How would I verify that there is indeed a VPN that has those effects?
It may well be that this just works, securely for the hosting punter, and that it's too technically complicated for the average person to understand, in which case I just have to make a decision about whether I'm happy enough with that to connect this device.
I could, I suppose, connect the device but unscrew it's aerial, but that seems rather against the spirit of the idea.
Standard User Chrysalis
(legend) Thu 12-Sep-13 10:01:36
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
its like the guest network you see on some routers.

its in a different ip subnet and is "isolated" from your own lan. Obviously in theory its possible for someone to break out of that isolation, but there is no known instances of that happening.

BT Infinity 2 Since Dec 2012 - BQM
Standard User yarwell
(sensei) Thu 12-Sep-13 11:31:34
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
In reply to a post by d_nick:
What is it that stops people connected to it from seeing the rest of my LAN?
The IP addressing for starters, if the FON clients are on a different subnet to your LAN / WLAN clients then there's no ability to exchange data.

--

Phil

MaxDSL - goes as fast as it can and doesn't read the line checker first.

MaxDSL diagnostics
Standard User d_nick
(newbie) Sun 15-Sep-13 13:26:14
Print Post

Re: (Non-BT) Fon WAP security


[re: yarwell] [link to this post]
 
Thanks, both. Any suggestions as to what I can do to check that the public SSID is on a different sub-net?
Standard User 5km
(knowledge is power) Sun 15-Sep-13 15:37:20
Print Post

Re: (Non-BT) Fon WAP security


[re: d_nick] [link to this post]
 
The public FON Wi-Fi is isolated from the LAN and other WLAN users.

IP ranges (and sub-net) will be different for the secured Wi-Fi and Public (FON) Wi-Fi signals.

Pages in this thread: 1 | 2 | (show all)   Print Thread

Jump to