Ethernet cable home install, advice?

Hard wired is more secure…

I don’t trust WiFi

Years ago, looking at my router's WiFi connection log, I had a device connect that said Macon PD at about the same time every day. Had no neighbors so next day off I waited… patrol car drove by…

4 Likes

Y'all are speaking alien to me, I got quoted $175 for a drop. Is this good? Thanks for the responses.

1 Like

@DarkJester89 It depends. What you COULD do (and I don’t know where the drop is), suck it up and get that, then later, add a switch, and you could then add more CAT5’s as you needed.

Paranoid much? :rofl: …don’t have a ‘grow room’! :crazy_face: j/k

Probably the wifi on the patrol car latching onto whatever signal is advertised as it goes by… (just like most folks who leave their cell phones on, constantly scanning for what’s available. Huge mistake that’s asking for trouble IMO)

Seriously though, wi-fi is as safe as you make it.
Yes, while there are sniffers, scanners, hacks galore (nothing is intelligent-criminal proof sadly), there’s a lot of best practices that are simply not followed. And laziness can cost you.

  1. Don’t broadcast your SSID. (this makes it basically “invisible” to many of the basic tools and devices)
  2. Take time, and implement a complex password. Write it down and store it. (if you have to enter it enough times, sooner or later you’ll memorize it. Mine is over 16 digits and includes multiple special symbols as well as the usual upper case, lower case, alpha, numeric, etc)
  3. USE MAC FILTERING. No preauthorized MAC? No connection.
  4. Use the DMZ function for those guests who absolutely cannot be bothered with ‘safe practices’, and let them fight over the one IP address that has been assigned to it. lol
  5. Use static IP’s. Hand stack every machine individually (so when the time comes, you know exactly whose machine is causing problems, or is the target).
  6. Enable and watch the logs from time to time.
  7. Use the HOSTS file, and implement a good blacklist of known offenders (by site, and by country in many cases)

There’s a ton more… But honestly, most of the above will deter the majority. Most “hackers” are just lazy opportunists. They move on if whatever script/package/etc doesn’t find an easy opening in short order. Why? Because there’s so many easy targets out there to be bothered to ‘make a real effort’! :wink:

5 Likes

Sounds a bit steep to me.
But you quote for worst case scenario, as you never truly know what you’re going to run into until you’re on the job.

I’d get a couple more quotes.

Also, location makes a big difference. Fire breaks, plumbing, inner wall, outside wall, etc all affect what a tech is likely to run into.
Giant attic (easy access) = less time on the job. Itty bitty crawl space under the house? More money because I hate mouse shit, water buildup, and spiders etc. All of it matters (and affects price). So if you need to rearrange some furniture, ask the tech which wall would be the easiest/cheapest to run a drop to! :wink:

Good luck!

2 Likes

Since people don’t control the protocols used by wifi or other network uses, this is the biggest bullshit out there that they want you to believe. People are controlled by big organizations and governments. You can take certain steps to make it more difficult for a hacker to get in, but absolutely nothing is 100% safe.
Since Wifi is an open network, anybody can “sniff” what’s happening and that is by definition not a secure network. It is possible with wires but you can’t be meters away from them and the better your cable or fiber, the more difficult it’s going to get.

Everybody thought for years that WPA2 was as good as it was ever going to get, unbreakable and then someone from the local university here proves there’s a big gaping hole… Remember the https bug a couple years ago? Didn’t everybody think that was safe too? These are just 2 examples of major security protocols that are used globally that are supposed to make people feel safe.
And who’s to say a government didn’t already know all these holes before they were (re)discovered, and made use of it to check up on its citizens? We KNOW for a fact that they’re not scared of spying on anybody, foreigners and their own.

1 Like

If you have patched your current equipment with the recommended remediation firmware, your exposure to the recent WPA2 exposure has been mitigated. If you aren’t diligent about your network (either wired or wireless), then you are to blame for most hijack intrusions. Unless you are a specific target, most hacker types that would sit near your home and sniff your traffic are like predatory animals- seeking out the easy prey. When they see you have sufficient protections in place, they will move on to the next network until they find one that’s ripe and hanging low. It’s naive to think you are completely exposed by simply using WiFi. WPA2 is still the safest way to go WiFi. And if you are worried about the government spying on you, they are doing that using internet communications, not by hacking into your local network. However, if you see a bunch of guys in black suits and sunglasses in a white, unmarked van outside your home, be very afraid. The list of precautions @Sprkslfly posted are not impenetrable, but these will deter the opportunists enough to make them go look for the weak and injured and leave you be.

As for HTTPS bugs, viruses, etc. and other vulnerabilities, they are not limited to wireless. Stay off the internet altogether if you are that worried. But, that won’t save you. Banks, brick and mortar retailers, credit card companies, utilities, everyone else uses the internet to conduct most transactions so you are always at risk, so enjoy sleeping tonight.

As for the $175 drop quote, yep it depends on how complex it will be. May not be a bad deal. At least you’ll have it professionally run and guaranteed to work.

3 Likes

You’re missing the point I was making…
Sprkslfly said that your level of protection is depending on yourself, something that you seem to confirm.
What I’m saying is that nothing you use is 100% secure because we all depend on technologies developed by other people and those technologies are always flawed one way or another. You can patch all you like, tomorrow, new security holes are discovered for what you thought was impenetrable. And it’s not because they’ve just been discovered by hackers that crackers haven’t been making use of those holes for a very long time…

Wireless networking, whether it is wifi, 3G/4G, bluetooth or whatever, is a network that cannot be shielded. Other people can always listen in, no matter what encryption you use. So, wireless networking is always going to be a security risk, no matter what you do or don’t do.
As for https etc, it was just to show that technologies that have been thought safe for years, are also susceptible to hackers.
The majority of people also don’t have the ability to patch all their equipment because they’re using a wifi router provided by their ISP… so all you can do is pray and hope that your ISP is taking security seriously. Running a cable where possible is one of those security measures that you can take to protect yourself.

If a bank loses my money, they’ll just print some more… why would I worry about that?

2 Likes

Bye Bye Economy…

3 Likes

They’ve been at it for decades, basically since they stopped using gold as the standard to back money up :smiley:
So yeah, bye bye economy, but that’s nothing new.

3 Likes

They are taking it seriously. If a penetration occurs because an ISP owned device was not properly patched, they are liable. They may not care about you, but they care about money. And ‘the majority of people’ would need stats and clarification to be an accurate assessment.

And you can remove all knives and everything with sharp edges from your home to keep from cutting yourself. Where would the line be for playing the caution game vs convenience?

Now, no need to continue to drift from DJ’s thread topic. Start a new thread if you want to continue to debate internet/intranet security. Drifts are bad around here.

1 Like

The topic is “Ethernet cable home install” … and you say I’m drifting while all you’re talking about is wifi and its convenience? :laughing:

1 Like

I wish it was the case. They will only be liable in case of gross negligence. BT has shipped modems with a WAN side vulnerability the size of a pregnant seal for many years. But you see, they said that it could only happen from the safety of their network so it was ok. Would have taken little time for someone doing DSL traffic injection to take control from the street cabinet, reconfigure the router, get access to all data going through your network.

No system is secure, and if we are talking about state surveillance, they will do ISP/server side surveillance. Or quietly modify firmware. Or exploit terribly bad firmware. Intel vPro was broken for years and giving all the access one could hope from the network interface with no mitigation possible.
Crooks are rarely that interested in complicated network penetration unless you are a very very special target.

Keep stuff updated, pick sensible passwords, separate trusted and untrusted devices (your TV/game console does not need to share a network with a work computer, for example). Guests can have their own network as well.

This thing is getting derailed badly though.
To the OP, get some cables if it works for you; it is better but is not wireless. Decently configured Wifi is good enough for most use cases and the https style security should in most cases be good enough to protect your data (but not your metadata, what you connect to and when) from external scrutiny.

2 Likes

Never saw anyone express this, nor claim it.

2 Likes

Combinations of many different special characters, upper and lower case etc. are not considered secure if you don’t protect your system against brute force with something like a limit for failed attempts or a delay between attempts. If a program tries out all possible combinations, your best chance is a long password which is not in a dictionary, for example a word with a spelling mistake, repeated words etc.

Somebody suggested splitting this thread so it doesn’t get completely off topic. I think that would be an excellent idea, people are not paranoid enough imo.

4 Likes

@anon28032772 You DO understand the deal !!!

1 Like

Despite a slight derail, this is still pretty on topic to the OP’s question/dilemma. I think the BEST rule is the same as it has always been, be AWARE of the risks. If there are easy to do fixes, to make you more secure, DO them.

I’m not convinced the ISP’s are up to the task, or at least Verizon wasn’t for me. Whenever I’m working on clients or home networks, I always DISABLE WPS and uPNP.



I won’t go into details, but both very much leave you vulnerable, and many/most ISP’s leave them ON by default. Verizon in fact (2 year old modem) HID the settings from users. This meant if you scrolled through, clicked, and looked at your setup, advanced, networking settings, you could NOT find any way to disable the two big offenders mentioned above. I googled, found the HIDDEN page info to navigate to, and disable.

WOW, that’s saying something. Some may differ with my opinions on uPNP and WPS, but HIDING those options from end users while leaving them enabled ??? WTF ??

I’ve seen Reaver cracks of WPS which were utterly simple, fast, and went undetected.

I’d love to talk about the gold standard (or LACK thereof), but in response to the OP, do what you did, POST questions, TALK to people that know, and INFORM yourself (as you did and are), about possible risks, possible solutions, and/or pro’s con’s.

I’ve often heard (and might have read above ??) things like don’t worry about this, or that, or no one’s going to do this or that, and low hanging fruit attacks ARE indeed more common, but port scanning and sniffing aren’t all that out of the question either. I check all my logs, and have things very locked down, and from time to time, I can see sketchy traffic and patterns. Did have an attempted attack launched from a Russian Federation IP on a CCTV NVR which failed, but the protracted attack occurred nonetheless.

Keep It Simple. Change ALL the passwords (doesn’t matter what “it” is), change them all, leave NONE defaulted or stock. Turn off any/all “but momma I just wanna hit the button and make it work” settings. Use the highest level of security (like WPA2) that you can, and check your logs.

4 Likes
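Several posts in this thread recommend MAC allowlisting and checking the router logs, and one describes an unknown device connecting at about the same time every day. The following is an added example (not code from any poster) of that check: it reads association log lines, drops allowlisted devices, and flags unknown ones that recur in the same time-of-day window. The log format, MAC addresses, hostnames and allowlist are constructed assumptions; real router logs differ by vendor.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines; real router log formats differ by vendor.
SAMPLE_LOG = """\
2024-03-04 07:58:10 wlan0: STA a4:5e:60:11:22:33 associated hostname=laptop
2024-03-04 14:02:11 wlan0: STA 02:00:5e:aa:bb:cc associated hostname=unit-17
2024-03-05 14:05:47 wlan0: STA 02:00:5e:aa:bb:cc associated hostname=unit-17
2024-03-05 21:13:30 wlan0: STA de:ad:be:ef:00:01 associated hostname=tablet
2024-03-06 13:59:02 wlan0: STA 02:00:5e:aa:bb:cc associated hostname=unit-17
2024-03-06 14:30:00 dhcp: lease renewed for 192.168.1.20
"""

ALLOWLIST = {"a4:5e:60:11:22:33", "3c:22:fb:44:55:66"}  # assumed known devices

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \S+ STA ([0-9a-f:]{17}) associated",
    re.I)

def unknown_associations(log_text, allowlist):
    """Map each MAC not on the allowlist to its association timestamps."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an association event (e.g. DHCP lines)
        mac = m.group(2).lower()
        if mac not in allowlist:
            seen[mac].append(datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"))
    return dict(seen)

def recurs_daily(times, window_min=15, min_days=3):
    """True if seen on >= min_days dates, always inside one time-of-day window."""
    if len({t.date() for t in times}) < min_days:
        return False
    mins = sorted(t.hour * 60 + t.minute for t in times)
    # Largest gap on the 24h circle; the remainder is the spread (handles midnight).
    gaps = [b - a for a, b in zip(mins, mins[1:])] + [mins[0] + 1440 - mins[-1]]
    return 1440 - max(gaps) <= window_min

def report(log_text, allowlist):
    """Return {mac: 'recurring' | 'one-off'} for every unknown device."""
    return {mac: "recurring" if recurs_daily(ts) else "one-off"
            for mac, ts in unknown_associations(log_text, allowlist).items()}

if __name__ == "__main__":
    for mac, kind in report(SAMPLE_LOG, ALLOWLIST).items():
        print(mac, kind)
```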


3 Likes

1 Like