Wi-Fi 5 vs Wi-Fi 6

[Donut417]

1 hour ago, ItTakes2ToMango said:

Wifi 6 introduced WPA3 which is a stronger form of encryption

Last I checked my Synology RT2600AC also has WPA3. And it's a WIFi 5 router. Now that being said I have no clients that utilized WPA3. 

[Skipple]

1 minute ago, Dedayog said:

I do love my Ubiquiti mesh but wasn't sure how their single routers are.

The UDM is a pretty slick all in one machine. 

[Skipple]

7 minutes ago, Winterlight said:

At least mine router from IPS not have option controll what device can acces to router settings or block conection over Wi-Fi at all. Basically all device that is conect to router can acces to settings if know pasword.

Assuming I'm understanding you correctly, this is how essentially every router will function out of the box. If you know enough about networking you can prevent this. Create separation for client devices via VLANs then block traffic TCP traffic on 80 and 443 from devices on that VLAN to the gateway IP. Problem solved. Unless your ISP router doesn't allow for VLAN creation, I don't know why this wouldn't be possible. Regardless, even if you go with another brand, you are going to run into this same issue. 

[Winterlight]

11 minutes ago, Skipple said:

This is how essentially every router will function out of the box. If you know enough about networking you can prevent this. Create separation for client devices via VLANs then block traffic TCP traffic on 80 and 443 from that VLAN to the gateway IP. Problem solved.

Mine IPS router is custom and have very limited control. There is settings that is blocked to change like firewall for user and it not offer many advanced control option like controll what exactly device can acces to router settings or block router acces from any device that is connect over Wi-Fi.

[Donut417]

4 minutes ago, Skipple said:

Unless your ISP router doesn't allow for VLAN creation, I don't know why this wouldn't be possible. Regardless, even if you go with another brand, you are going to run into this same issue. 

Not sure what ISP equipment you have been using. Most dont offer advanced features. The goal of ISP equipment is to make things IDIOT proof. That's why more advanced users tend to buy their own equipment. 

[Skipple]

2 minutes ago, Donut417 said:

Not sure what ISP equipment you have been using. Most dont offer advanced features. The goal of ISP equipment is to make things IDIOT proof. That's why more advanced users tend to buy their own equipment. 

I mean, that's fair. It's certainly been a few years since I have used ISP provided networking equipment. I do have to image that firewall rules, port forwarding/blocking are still available however. Assuming that's available then what OP is worried about should be possible. 

[LIGISTX]

1 hour ago, Winterlight said:

Btw due I use IPS router I can't even block router settings acces over Wi-Fi basically if someone connect to Wi-Fi they coudl have full acces to router settings. That I think change new router that support Wi-Fi 6 as well not just older version. I conect PC, TV over Ethernet anyway and my phone support Wi-Fi 6 + 6 Ghz and that is the only one device that is connected over Wi-Fi. Technically I could as well connect PC to Wi-Fi 6 due it support.

You are worrying about something that doesn’t need to be worried about. 
 

No one is going to brood force your WPA2 password. Also, there is still issues with WPA3 implementation, most devices will still default to WPA2… I guarantee most of the devices on your network will only work with WPA2, so they will not actually be any more secure then they would have on WiFi 5. 
 

It only takes 1 device to be using WiFi 5 to be equally as vulnerable as all devices using WiFi 5…. But this is nothing to worry about anyways since WPA2 is secure. No individual person in your apartment is going to crack WPA2, I promise. What’s much more important is using a good WiFi password…….. set a strong password, use a password manager. 

[Donut417]

35 minutes ago, LIGISTX said:

No one is going to brood force your WPA2 password.

I clearly remember in 2017 WPA2 being cracked. While I recall this was due to how some vendors implemented things on their devices, you can't say it won't be cracked again. 

[Skipple]

Just now, Donut417 said:

I clearly remember in 2017 WPA2 being cracked. While I recall this was due to how some vendors implemented things on their devices, you can't say it won't be cracked again. 

I think the idea is that no one gives a shit enough to brute force your WPA2 password.

[Donut417]

1 minute ago, Skipple said:

I think the idea is that no one gives a shit enough to brute force your WPA2 password.

The amount of scams I see on a daily basis makes me think otherwise. Break into a WiFi network and steal passwords and bank accounts. Im sure there are automated tools that could do it. 

[Eigenvektor]

2 hours ago, Donut417 said:

I clearly remember in 2017 WPA2 being cracked. While I recall this was due to how some vendors implemented things on their devices, you can't say it won't be cracked again. 

You are correct that a vulnerability was discovered in 2017 (KRACK). Microsoft released a fix on October 2017, Linux followed soon after, so did Apple and eventually Google. So chances are good OP's network isn't vulnerable.

 

Obviously no one can guarantee WPA2 has no other vulnerabilities. But the same is true of WPA3 and any other security technology.

 

Nevertheless, switching to WPA3 sooner rather than later would certainly be better, but unless every device in the network is capable of WPA3 and you can turn off support for WPA2 entirely, nothing has changed. For example while my router got updated, it's still running in WPA2 + WPA3 mode to support older devices. I can see that my current smartphone is connected with WPA3.

 

2 hours ago, Donut417 said:

The amount of scams I see on a daily basis makes me think otherwise. Break into a WiFi network and steal passwords and bank accounts. Im sure there are automated tools that could do it. 

You'd first need get physically close enough to each network and have good enough reception to begin cracking it. That's way too much work, doesn't scale, and too much risk to get caught in the act. Most of these things rely on malware through infected downloads.

 

Even if you manage to break into a Wi-Fi network, you wouldn't be able to steal bank credentials unless you also break the HTTPS connection between computer and bank. Provided you're in the network at the exact moment someone tries to log into their bank account.

 

Of course, there's always the possibility of an exposed network share, that then also happens to contain someones credentials in clear text… but as I said above, that type of attack vector simply doesn't scale. Much easier to use other means.

[LIGISTX]

6 hours ago, Donut417 said:

I clearly remember in 2017 WPA2 being cracked. While I recall this was due to how some vendors implemented things on their devices, you can't say it won't be cracked again. 

Right, but that isn’t brute force, that’s finding an exploit. Exploits have nothing to do with the cryptographic algorithms being used. An exploit is finding a second door that wasn’t locked… brute force is trying to hit an immovable object with a hammer until you get in. 
 

There are THOUSANDS of people working around the clock every day all over the world trying to find said unlocked doors to every system. But there is nothing any of us individuals can do about that. 
 

4 hours ago, Eigenvektor said:

Obviously no one can guarantee WPA2 has no other vulnerabilities. But the same is true of WPA3 and any other security technology.

This is exactly it. Same goes for RSA and every other crypto algo… think if someone was able to find an exploit for any of the TLS/SSL implementation that banks use, or gmail uses. That would send the world into a crazed panic. But that, again, is not something we as individuals should worry about… if someone finds a WPA2 exploit, they are not going to use it on your random WiFi, they are going to sell that to the highest bidder, for literally blank checks worth of wealth… it’s just not something for OP to worry about. 

 

4 hours ago, Eigenvektor said:

Even if you manage to break into a Wi-Fi network, you wouldn't be able to steal bank credentials unless you also break the HTTPS connection between computer and bank. Provided you're in the network at the exact moment someone tries to log into their bank account.

 

Of course, there's always the possibility of an exposed network share, that then also happens to contain someones credentials in clear text… but as I said above, that type of attack vector simply doesn't scale. Much easier to use other means.

This as well… 

 

Worry about things you can control. Set a good password, don’t open ports, don’t visit questionable websites. Worrying about the security of WPA2….. not worth the energy. 

[Alex Atkin UK]

10 hours ago, Winterlight said:

Mine IPS router is custom and have very limited control. There is settings that is blocked to change like firewall for user and it not offer many advanced control option like controll what exactly device can acces to router settings or block router acces from any device that is connect over Wi-Fi.

Once someone has successfully connected to your network, getting into the router settings is the least of your problems.  The rest of the devices connected to your network are much easier targets, or just use your Internet connection to attack other people on the Internet.

 

Except, nobody is going to get into your network to begin with, as that's the hard part.

Locking down the routers UI is purely for protecting it from family members meddling with it.