# How secure is the wireless bridge? Should I put it on different network?



## nuke (Aug 14, 2003)

I have a whole home HR44, Wireless bridge and a wireless mini just installed. 

The 44 is on my wired network. I understand that it routes IP over coax to the wireless bridge, so the wireless clients can access streams from the HR44, but also get IP service to the internet via the HR44 as well. 

I see the "DIRECT_TV_WVB_xxx" SSID on wifi, so it is there if anyone knows the password to it. 

Since I don't control it, do I need to move the HR44 to a guest network with no access to my internal network for security?


----------



## inkahauts (Nov 13, 2006)

It's secure as your wireless router if not more so. I wouldn't worry about it at all.


----------



## harsh (Jun 15, 2003)

It is probably at least as secure as your router.

If you moved it to a guest network, you would lose access to using GenieGo, DIRECTV2PC and SHEF (mobile device apps) as your DECA cloud can't span subnets.


----------



## Laxguy (Dec 2, 2010)

He could then move all the above to the Guest network, though as noted before, why bother. Unless you're being tracked by a gov't agency, security should be a non-issue.


----------



## peds48 (Jan 11, 2008)

Laxguy said:


> He could then move all the above to the Guest network,


"guest Network" is more of the time by default only available via WiFi. while you indeed can use a bunch of gadgets to connect non wireless devices to WiFi, I dint think is really worth the effort


----------



## NR4P (Jan 16, 2007)

To answer the OP's question, there is a password and it is randomly generated by the Directv system.
It is very fairly complex and if you have WPA2 encryption enabled on your home network, I wouldn't worry about a thing.


----------



## nuke (Aug 14, 2003)

NR4P said:


> To answer the OP's question, there is a password and it is randomly generated by the Directv system.
> It is very fairly complex and if you have WPA2 encryption enabled on your home network, I wouldn't worry about a thing.


That's what I'm wondering about. Since I don't control the password to wireless video bridge, which is simply acting as a wireless access point, I can segregate the entire DTV system by firewalling off the HR44.

If there's a back door way to get to my wireless network, that compromises my home (and work) network security.


----------



## inkahauts (Nov 13, 2006)

nuke said:


> That's what I'm wondering about. Since I don't control the password to wireless video bridge, which is simply acting as a wireless access point, I can segregate the entire DTV system by firewalling off the HR44.
> 
> If there's a back door way to get to my wireless network, that compromises my home (and work) network security.


That access points security is likely as strong or stronger as your wireless networks. I wouldn't worry about it. It's not something simple like a name.


----------



## harsh (Jun 15, 2003)

nuke said:


> If there's a back door way to get to my wireless network, that compromises my home (and work) network security.


Do you restrict MAC addresses on your regular Wi-fi network? As I see it, restricting by MAC address is really the only way you can create a measurable security difference between a password you know and one that you don't.

You can certainly sequester the DECA cloud but you'll lose access to the LAN features as I mentioned above.

If your concerned about the security of your workplace traffic, VPN can help (unless the workplace is your home).

The most certain way to avoid a Wi-fi attack is to not use Wi-fi at all.


----------



## nuke (Aug 14, 2003)

Yes, I only allow wifi clients with known MAC address to connect to my home network and I have a hidden SSID. 

I have 99% wired clients on my home network. The location of the TV the wireless Genie is on didn't have access to a coax run. I'll see about sequestering the HR44 or at least treating it as an untrusted network and firewall it.


----------



## peds48 (Jan 11, 2008)

Tin hat on.

Wow, I just wonder why someone will go through all this trouble. It seems if someone wants to hack a network, it WILL get hacked. The Pentagon, Sony, Xbox, PSN, South Korea, Home Depot, Target, Staple, etc are just a few of the networks supposedly run professionals enterprises that got hacked. 

It seems that when the group Anonymous says that they will hack a network they succeed 100% of the time. Food for thought....

Tin hat off.


----------



## Bill Broderick (Aug 25, 2006)

peds48 said:


> Tin hat on.
> 
> Wow, I just wonder why someone will go through all this trouble. It seems if someone wants to hack a network, it WILL get hacked. The Pentagon, Sony, Xbox, PSN, South Korea, Home Depot, Target, Staple, etc are just a few of the networks supposedly run professionals enterprises that got hacked.
> 
> ...


The same logic could be applied to your house or car. If someone wants to break in, they will. However, people lock their doors and install alarms as a deterrent so that someone will choose an easier target to hit. Unlike Sony, The Pentagon, etc..., my house is not a high value target. My home network doesn't provide access to things that my neighbor's home network provides access to. So, one person's network requires a little more effort to access, than their neighbor's does, their neighbor's is more likely to be the target.


----------



## peds48 (Jan 11, 2008)

Bill Broderick said:


> *The same logic could be applied to your house or car*. If someone wants to break in, they will. However, people lock their doors and install alarms as a deterrent so that someone will choose an easier target to hit. Unlike Sony, The Pentagon, etc..., my house is not a high value target. My home network doesn't provide access to things that my neighbor's home network provides access to. So, one person's network requires a little more effort to access, than their neighbor's does, their neighbor's is more likely to be the target.


Right, and as such all we can do is put basic measures (lock doors) to prevent the uninitiated, the "noobs" if the real thieves wants it, no alarm, or what have you will prevent theft. Same applies to the network, basic protection such as the one that comes with routers should suffice, everything else is overkill for no benefit.

BTW, how is one to know what network is a better target than another one, unless the hacker is a friend of yours, and if that is the case, you have bigger problems.

And also, are you implying that car alarms prevent theft?.... I have more trust on that LED that comes with the alarm that the alarm itself....


----------



## Bill Broderick (Aug 25, 2006)

peds48 said:


> And also, are you implying that car alarms prevent theft?.... I have more trust on that LED that comes with the alarm that the alarm itself....


I'm implying that if there are two nearly identical cars parked next to one another with the only difference being that one appears to have a security system and the other one doesn't, someone looking to steal a car would be more likely to choose the one without the security system.


----------



## dpeters11 (May 30, 2007)

nuke said:


> Yes, I only allow wifi clients with known MAC address to connect to my home network and I have a hidden SSID.
> 
> I have 99% wired clients on my home network. The location of the TV the wireless Genie is on didn't have access to a coax run. I'll see about sequestering the HR44 or at least treating it as an untrusted network and firewall it.


Just making sure, but you do realize that hiding the SSID really does nothing for security, and MAC address filtering isn't a whole lot better. Hopefully you've disabled WPS


----------



## peds48 (Jan 11, 2008)

Bill Broderick said:


> I'm implying that if there are two nearly identical cars parked next to one another with the only difference being that one appears to have a security system *and the other one doesn't*, someone looking to steal a car would be more likely to choose the one without the security system.


But I am not implying to run an unsecured networked. your analogy would be more like both cars have alarms, both one of them has a better alarm which is unknown to the thieve until he tries.


----------



## peds48 (Jan 11, 2008)

dpeters11 said:


> Just making sure, but you do realize that hiding the SSID really does nothing for security, and MAC address filtering isn't a whole lot better. Hopefully you've disabled WPS


Exactly what my thinking. All of this does is provides a false sense of security.


----------

