Ethernet and wifi modules

Status
Not open for further replies.

Wp100

Well-Known Member
Hi,

Forgive the seemingly basic question, am looking for some help on the security of the above as my knowledge in this area is zilch.

When using an Ethernet card, say with an Arduino / Micro, as a web server connected to the PC's router via its address of 192.168 etc.
Is it then only visible by my PC / router, or does this allow anyone on the web to access / hack it, and therefore expose the main PC to be also hacked more readily?
Is there any way / anything I should be doing to make it more secure?
(my router's default password has been changed for something better)

Same with the ESP8266 wifi modules: while I read that it does use the router's wifi password, can it also be seen by the rest of the web via the router?
 
The WIFI SSID is local. Meaning those that can see the WIFI SSID have access to the "wires". You can make the SSID invisible. The password for the WIFI provides encryption.

The ROUTER is a separate issue. There should be/can be a setting that allows management outside the private network (192.168 is one example). "Your router" is given a public IP address, so your network is "routeable" on the Internet. Usually, that public address changes in a home setting. If you use www.whatismyip.com, it will tell you your current public IP address or ESSENTIALLY the address of your router.

DSL works slightly differently, that's why I said essentially.

Further security can be placed on your network by only allowing certain MAC addresses to connect. MAC addresses can be cloned. MAC addresses are unique to each piece of hardware. They HAVE to only be unique on a routeable segment.

MANAGED switches can control who talks to who in your network.

[cable/DSL blurb can go here]

Getting in is more difficult. Viruses get loaded onto PCs from programs that can do damage. "Tricks" are employed so you download them. Once those programs are on your PC, you become vulnerable.

Each service on the internet is assigned a "default port" or a number. HTTP is 80, so www.google.com is one of 65.199.32.151:80. The 65.199.32.151 is assigned by the Name Server system. 80 is the port.

The router with NAT (Network Address Translation) makes only one machine see a port/service from the internet. As a simple example, your router KNOWS the MAC address of your PC and it sends a request to Google on some port A. That becomes a request from your router's public IP address as though it was on port A. When it comes back, it is routed to the router and the router looks at the MAC address and assigns the IP address of your local network.

In reverse, you make the assignments in your router. What machine is what port. Webservers don't have to be on port 80.

To reliably see your network on the public internet, you need a service called Dynamic DNS in cooperation with your router. This may route MrEd.dyndns.org to your public IP address even if it changes.

Running a mail server is not really possible, because certificates are involved AND the IP address must be able to be reverse DNSed. So, 65.199.32.152 must resolve to www.google.com and www.google.com must resolve to 65.199.32.152 at all times. This also makes https work or secure http. The authority issuing the certificate is the gate keeper, thus you have to be who you say you are.

Many protocols pass the passwords in the clear. SSH is one that doesn't. In one implementation of SSH, a key is stored on each machine. A directory is readable where those keys are stored. Those machines can log in knowing the generated keys. It's been a while since I did this.

VPNs or virtual private networks can EXTEND the reach of a corporate network over the Internet, so your Virginia location can appear to be in Chicago. VPN service providers can also put you as though you are anywhere in the world. Certain VPN providers don't store your IP address vs time and thus can't provide it when requested.

A short word about ENCRYPTION. Unix/Linux uses a one-way cypher. Some mathematical operation is applied to the input password that is not. The encrypted version used to be stored in the clear and anyone had access. So, if the encrypted passwords matched what was stored, you're in. With the advent of more processing power and, say, dictionaries, passwords can be guessed. Numbers, letters and special characters make it really hard to guess.

I opened a 3 digit suitcase lock with the first try. I got the master password of a copier on the second.

Another encryption is based on a public and private key. The public key is known to anybody. One private key is known to the individual machines. Take two prime numbers, 3 and 11 and multiply them. 3 x 11 = 33. Make 33 the public key and 3 and 11 the private keys. One can take the public key and the private key of the destination and obtain the private key of the user.

When those numbers are astronomically large, like 256 bits, "brute force" takes a very long time.

Hopefully, this wasn't too complicated.
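
The NAT and port-assignment behaviour discussed in the reply above, as an added example that is not part of the original posts: a simplified Python model of a home router, keyed on IP address and port, showing when a LAN web server is reachable from the internet. All addresses and the `NatRouter` class are constructed for illustration, and it assumes the router only admits replies from the remote host a LAN device contacted.

```python
# Simplified model of a home NAT router (added example; all addresses are constructed).
class NatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.sessions = {}   # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.forwards = {}   # public port -> (lan_ip, lan_port), set by the owner
        self._next_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection; the router rewrites the source address."""
        public_port = self._next_port
        self._next_port += 1
        self.sessions[public_port] = (lan_ip, lan_port, remote_ip, remote_port)
        return (self.public_ip, public_port)

    def add_forward(self, public_port, lan_ip, lan_port):
        """Explicit port-forward rule: this is what exposes a LAN device."""
        self.forwards[public_port] = (lan_ip, lan_port)

    def inbound(self, remote_ip, remote_port, public_port):
        """Return the LAN (ip, port) an internet packet reaches, or None if dropped."""
        session = self.sessions.get(public_port)
        if session and session[2:] == (remote_ip, remote_port):
            return session[:2]                  # reply to a connection a LAN host started
        return self.forwards.get(public_port)   # otherwise only a forward rule lets it in


def demo():
    router = NatRouter("203.0.113.7")
    arduino = ("192.168.1.50", 80)
    results = {}
    # The PC browses out; the reply from that same server is let back in.
    _, port = router.outbound("192.168.1.10", 51000, "198.51.100.20", 80)
    results["reply"] = router.inbound("198.51.100.20", 80, port)
    # A different internet host hitting that same public port is dropped.
    results["stranger_same_port"] = router.inbound("198.51.100.99", 4444, port)
    # Unsolicited request for the Arduino's web port: no rule, so dropped.
    results["before_forward"] = router.inbound("198.51.100.99", 4444, 80)
    # The owner forwards public port 8080 to the Arduino: now it is reachable.
    router.add_forward(8080, *arduino)
    results["after_forward"] = router.inbound("198.51.100.99", 4444, 8080)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

In this model the Arduino stays invisible from outside until a forward rule is added, so the router's port-forwarding (and any UPnP-created rules) is the setting to review.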
 