@Mesophyl simmer down, tiger. It was for laughs and giggles. I know language doesn't matter and I'm aware of hashing and unicode and all of that, not an expert, but I know about it. Jesus, why so serious? 😂
@@MyReviews_karkan the comment was indeed necessary, think about someone who did not know about these technical details, they would have certainly found your comment "helpful" rather than a mere "joke".
Yep, ethernet is better. If you really need to use devices all over your home then use powerline ethernet and secure the powerline adapters with a password.
As a security professional myseld, I am actually surprised that this is a good video for home users. I was expecting some cringe. Good video! The biggest boost in security for normal users is to definitely use a password manager. too many people just re-use passwords and with all the breaches over the years, if you have been using the same password's for every site, your password has been 100% pwned. Remembering passwords is a chore, let the computer handle it.
Thanks for the Video! Apologies for butting in, I would love your opinion. Have you researched - Mahorrla Defence Wisdom Method (just google it)? It is a good exclusive guide for securing your home from danger without the normal expense. Ive heard some amazing things about it and my mate after a lifetime of fighting got astronomical results with it.
My concern with password managers is that once a hacker guesses your master password, then they have all of your passwords, no matter how "secure" you think they might be, all in one convenient place in the password manager account.
storing passwords on a piece of paper is still the most secure option available, esp given the over reach of the current state that has access or backdoor to this info with a simple unwarranted request from one of the alphabet boys,
@@n3y3g04 what if the glow boys come to your house? they have it all. keepassXC is cryptographically secure, meaning even if the glow boys have your file, they cant get access to it, and anyone can audit the codebase and check for backdoors. so really, no, a piece of paper is really not more secure. unless you just want to hide it from hackers.
@@owe9024 If the Glowboys come to your house with a warrant, your already pwnded, any digital info is not Safe, any intel or AMD processor in the recent years provides access to system data when system is powered off. You should review Intel ME Exploits and AMDs alike Tech. The more you know.
Great overview. Two more tips: most routers have a "guest network" setup where you can assign a separate SSID and password for guests to use your wifi which you can configure to not be able to access the (main) local network. Any IoT device you own such as a webcam should be placed on this guest network. And - a hidden SSID avoids the problem of wardriving by neighbors or unfriendlies. You covered the most critical stuff for normies, however.
I'm a normie when it comes to this topic, and I just used the tips in the video to setup my router. But I have a question: Does my router have this "guest network" setup when it's configured to be an access point for another router?
@@Benjamim600 Post the make and model # of your router and we can take a look at online manuals, docs, etc My tp-link router has a guest network setup with its own SSID, and password.
@@Ootgreet1 It's a tp-link Archer C20 Version 5. I actually managed to set a new SSID(a "guest" one) within the 2.4G frequency separated from my LAN 2.4G with the Multi SSID option. The thing is, I cannot get any internet access through this new "guest" SSID, and I have no idea why. I've been reading alot about routers and IP Adresses but I don't understand what is causing the problem.
I just bash my head against the keyboard a few times. Thats the most secure way especially because if you do it hard enough you will get a concussion so you won’t remember it anyway lol.
I remember my college had a default password on main hub, good thing there weren't anyone who was smart enough to learn how to set malware on router level
Put glue in the wps button so you can't press it anymorr
3 ปีที่แล้ว +2
I have some bad news for you buddy. TP link is a Chinese owned company. if you're watching this channel I assume you know that Chinese owned companies that make tech are not to be trusted at all. All your information is most likely being rented right back to the Chinese government because any company that's able to succeed in that country is an extension of the Chinese military. Get rid of that garbage as soon as you can.
Dictionary in my country will be challenging if the users use the local language for passwords. Not only we have long words (compared to English words), on top of that we have 15 declinations of every noun which adds 1-4 letters to each root noun. And they occasionally modify the root as well.
When using dictionary attacks the lenght doesn't affect that much and declinations and such are still pratons that can be used when you create the dictionary so yeah it might be a little tricky but if the attacker is a native speaker it can be done.
@@saulbadillohernandez2749 it might take longer too with more permutations. So yeah, definitely annoying, especially if they don't know the language of your password, but not uncrackable.
You are a blessing for most people Mental Outlaw. Thank you. Really, if you ever feel sad think you are the introduction to many, many people who are becoming everyday more passionate about these topics.
But does it make any meaningful difference to mix upper/lower/special/number, etc, when the password is sufficiently long? I mean, if I only use lower alphabets, if my password is 10-characters long, the possibility is 1/26^10. If I use all those weird things, it will be 1/(26*2+10*2)^10. The former is 7.0e-15 the latter is 2.6e-19. Isn't 7.0e-15 already too big to try with brute-force? Even if a hacker can try 10,000 per second, it still takes 10,743 years.
the thing is 10,000 per second is VERY slow in terms of pw cracking. Even in my PC which only has an i7 4790k and a gtx 970 I can do seceral million every second. Someone, or a team with a cluster of modern GPUs can do billions or even hundreds of billions.
@@MentalOutlaw For local attempts like finding the password for a ZIP file, one could do billions of trials per second, but isn't in case of finding Wi-Fi password, the speed limited by the communication speed with the router? Can a router respond to that many attempts in a second?
about WPS id like to thank you for alerting the viewers to turn it off in all the diagnostics ive run in many routers i saw that i managed to get their password by using pixie dust on like, 90% of them pixie dust is a method that can get the routers password by exploiting a fail that comes "built in" on the devices hardware the only 2 ways to prevent this attack is by buying an expensive router (lots of cheap routers are vulnerable to it) or by disabling WPS itself, which is the most preferrable if i would run a security check into a router, pixie dust would usually be the 1st method i would try since no matter its password security, it will give me its pin number in a matter of seconds and once someone has your pin, they will always have your password since any hacker can send the pin to the router and the router will just hand the password over to the hacker
I'm a little confused and looking things up on the web has shown no results. If linux has all ports closed by default how am I able to ssh into another linux computer? Shouldn't it be blocked then?
hei, great video! I was wondering what if some device only supports WPS? For example wifi signal repeaters, although with those I don't think there is a pin involved since you can only press one button...
im not sure myself since i never messed with repeaters but if you have to use WPS on repeaters, it means your router also has to use WPS the problem is... if someone can get your routers WPS PIN... depending on your router model it can be laughable easy (i figured out i can break my home wifi using it in mere seconds) and if a hacker has the pin, even if you change passwords, the router will give him the new password, cuz he has the routers PIN code
I was hoping you would mention swapping out the router firmware with DD-WRT or OpenWRT + not broadcasting your SSID, and finally creating a VLAN for guests. But other then that its ok advise I guess.
Eh, not broadcasting the SSID isn't really a security measure. Anyone sniffing packets flying around will learn your network is there and just not broadcasting its ID right quick. And then they'll, of course, have the SSID. You'd only stop the dumbest of script kiddies, and even then you're going to potentially increase power usage on all your devices. Not worth it, imo.
@@liesdamnlies3372 sure of course, however security is a "set of things" such that there are a set of "best practices", for example not having SSH on the standard port, or not using "admin" as the username as well as many other standard techniques, does any of those things mean that it's impossible to bypass? NO what it does mean is that it "harderns" your system through a set of practices. If you noticed I not only mentioned about disabling the SSID broadcast (standard practice for security hardening) but also having a segregated vLAN, there are of course a lot more techniques you could apply but it's a very good starting point. But of course whatever security hardening measure you deploy one could argue that some determined attacker can always defeat it, but of course you have to keep things into context, as the hardening increases so does the skill level which makes it less and less likely.
How to secure wifi? You cant, WPA2 has the KRACK vulnerability and WPA3 isn’t widely available and also has its own vulnerabilities and its brand new. Wifi isnt secure.
I never understood why coffeshops are able to provide free internet access, doesn't that grant complete untraceability for bad actors? Whose liability is it if some illegal activity is traced back to the coffee shop's IP address?
Everyone is universally praising the video but I believe you've missed 2 very major components. IDK maybe I am just talking out of my ass so I might be wrong, but regardless - You mentioned that you can set different passwords for 5ghz wifi and 2.4ghz wifi. It could be possible that you're router is different than the ones I've used, but both broadbands connect you to the same network. That is - devices on 5ghz network will be able to see and communicate with devices on 2.4ghz network. It not a good way of protecting the network at all. The correct way of doing it is via guest network. Every single router I've owned, even the decade old ones with just 2.4ghz antennas had this feature. How this works is that you have your private network which only has your devices on it. And you setup a guest network with its own SSID and its own separate password. In fact you can have a 5ghz and a 2.4ghz network for your private network ALONG with 5ghz and 2.4ghz for your guest networks. It obviously might depend on which router you're using but your guests won't have to be on the pleb speeds at least. Security here is achieved in 2 ways (afaik at least. 3 routers I have set up guest network on handled them differently) First one is creating an entirely different network. So your private network might be on 192.168.0.xxx and your guest network might be on 192.168.1.xxx. And your router will not let the devices on guest network talk to devices on your private network. The newer TP router I have keeps both devices on the same network but won't let them talk to any other device. This is what the router says - " - Allow Guests To Access My Local Network - If enabled, guests can communicate with hosts. - Guest Network Isolation - If enabled, one guest can not communicate with another. " Another neat thing you can do is to disallow accessing the router config/admin page to just a limited set of devices by whitelisting a MAC address. The way I have set it up is to whitelist only my computer, connected via a cable to be able to access the router admin page. People on your guest devices can't access the router admin page anyway, but this is just an additional layer of security. Of course they can spoof my MAC address but its better than nothing. Welp I don't really know a lot about this. This is everything I learnt from reading the router's help articles so I might have outdated information. But one thing I can say for certain is creating separate passwords for 5ghz and 2.4ghz network will do absolutely nothing in terms of network security.
How about using MAC address filtering? I had a pretty strong password that had only characters, symbols and numbers and still got hacked... but since I enabled mac filtering, no one has been able to connect to my wifi... by the way, if someone knows the shared key, is it possible to hack any strenght password with that? Cheers....
Some of the easiest WPA2: Charter/Netgear, Phone numbers. Phone numbers are easy as they are all digits and you know their area code already. Charter/netgear, there is a word list out there with all the adverbs, nouns, numbers.
For plebs who don't know, You can host a private hotspot on your wifi network using wpa if you have some older consoles/devices that dont support wpa2 without making your entire network insecure.
@@wishihadablog in practical terms if we're talking about something old enough to not support WPA2 I don't think it matters if the throughput of the pi is only 100mbps... just saying
Great Video Brother, keep up the good work and thanks for the relevant to current scenario of cyber security videos!👍🏼 Just a few doubts and concerns I have, I hope you see and clarify the same: Okay, so say I'm going the fully wired route even for Mobiles, maybe few if unavoidable encrypted WiFi, now to mitigate ISP/Intel (yeah "GLO" folks on my Court Cases list) tracking of person's Devices MAC IDs IPs, IMEI/IMSI, Sim IDs etc on the network, 1. Should one connect another personal router/modem and bridge the Connection from ISP router disabling/turning off WiFi, DHCP, WPS, so that you're only using ISP Router 1 for source of internet(entry/exit point), but from own Router 2 only the DHCP, routing, IP Allotment, MAC Filters(Allow only listed devices/deny all else) and what not begins. 2. From Router 2 Followed onto >Network Switch/es or VPN Router/s be connected for added layers of security, so say USB port 1 is external HDD for Network File Sharing Server, Printer goes Wired to 2nd USB port in Router 3(network printer)which contains own Interface VPN! Is that safe? Other routers do I need to install OPEN-WRT DD-WRT on them if available? Does a Network Switch need OpenSource Firmware installed on it or the OG interface and firmware should be fine? (D-Link DES-1210-28P Model) 3. What are the benefits/cons(if any recurring costs) of adding a Physical Firewall device(or PfSense/OPNSense PC/low powered laptop/PiHole firewall/file&email server OS device) to this mix? 4. Will that firewall device be placed prior to the ISP router or since Optical Fibernet Connections port won't be on the Firewall Device, connected to the ISP modem/router before it goes to the network, I'm guessing the latter by logic, would highly appreciate it if you/anyone else too could please let us know your thoughts on such a setup. Let's just say for a Whistle Blower/Criminal Investigative Journalist/Reporter Level kind of Setup, what sort of a streamlined secured network setup will you implement, what OSs on Devices(PCs/laptops) ROMs for Mobiles would you suggest (could you make a video please maybe) where there will be little to NO room for chances of leaks/hacks or risks of MITM/DDoS attacks in said network setup! I'm not sure, if you'll read/answer this, but I've seen most of your videos are close/closest to the topics I'm looking for so hopefully I get to see a/some video/s on this soon! Much appreciated! Take Care and God Bless!👼🏽🕵🏼🇮🇳🗺️👍🏼🙏🏼
I wouldn't put the plebs on the 2.4 GHz channel, because it can actually end up slowing down the rest of the network; e.g. they drop many more packets and end up using more bandwidth than they would if you just let them use the 5 GHz channel. The 802.11ac has vastly superior QoS
People really should consider having a separate, managed guest network. A lot of routers support it. You can also set certain devices to priority in most settings menus.
This was very helpful, thank you! I am looking to buy a new router to replace my old one, do you have any recommendations? Preferably one with a security focus..
You forgot swapping the routers antenna for an omnidirectional one and putting it on the top of your roof. Don't forget using DDWRT and increasing the power output to that of your microwave
Advanced option is to get vlan capable networking equipment and isolate your wifi in a DMZ and block all non DNS requests to your firewall from that vlan.
I'd say either a external Audio Interface or a Good Sound Card with a dedicated Mic amplifier and decent isolation, of course a high quality XLR Mic is probably the most logical choice to pair with. These days you can get a great Audio setup for your Microphone for under £70, and I mean seriously good. Price's of these types of products have dropped massively since the mid-00's
I do a randomly generated one of 64 bit characters including symbols. On top of that, I have a separate network for visitors and iot devices that is totally blocked from having access to my main network.
I set my ISP modem to bridge mode, then have OPNsense as my gateway, set my routers to access point mode. My OPNsense box has 4 ports with each firewalled off from each other. The IoT/guest network is only allowed to get DNS and connect to internet but cannot do anything with other networks.
stock/factory configurations is the security problem here. its literally so common because humans are lazy and uninformed.. which makes it an opsec issue imo but u cant really expect the whole world to be good at opsec so the most vulnerable part of the human race is basically most of it. give it some time and i think ppl will catch on to cyber security.. but right now the hackers have the floor.
ok but why tf is the routers letting someone probe for passwords 80k times a second? Most websites, and like every phone/tablet ever, only let you guess x number of times before it locks you out for x amount of time. Why would routers not also include this basic security feature.
![[Live] ศึกมหึมันส์มวยไทยสังเวียนเดือด เวทีมวยชั่วคราวสวนสยาม | จันทร์ 30 กันยายน 2567](http://i.ytimg.com/vi/pM1k6f7JXUc/mqdefault.jpg)
Arabic is my first language and my wifi password is a mix of symbols, letters and digits IN ARABIC. Good luck hacking it. 😂
@Mesophyl simmer down, tiger. It was for laughs and giggles. I know language doesn't matter and I'm aware of hashing and unicode and all of that, not an expert, but I know about it. Jesus, why so serious? 😂
@@MyReviews_karkan the comment was indeed necessary, think about someone who did not know about these technical details, they would have certainly found your comment "helpful" rather than a mere "joke".
@@GooogleGoglee Stop taking my data ;)
@@adamm5205 hehehe, than stop providing it to me so easily ;-P
Thanks for the tip
My favorite way is to not have wi-fi.
Just use templeos, it is very secure network-wise
@@ArchieHalliwell just don't use any computers at all
Yep, ethernet is better. If you really need to use devices all over your home then use powerline ethernet and secure the powerline adapters with a password.
@@suddenlywat i use a phone line
eathernet
When doing biblical studies with the girl from the park be sure to throw holy water on the router to prevent anybody from connecting to it.
As a security professional myseld, I am actually surprised that this is a good video for home users. I was expecting some cringe.
Good video!
The biggest boost in security for normal users is to definitely use a password manager. too many people just re-use passwords and with all the breaches over the years, if you have been using the same password's for every site, your password has been 100% pwned.
Remembering passwords is a chore, let the computer handle it.
Thanks for the Video! Apologies for butting in, I would love your opinion. Have you researched - Mahorrla Defence Wisdom Method (just google it)? It is a good exclusive guide for securing your home from danger without the normal expense. Ive heard some amazing things about it and my mate after a lifetime of fighting got astronomical results with it.
My concern with password managers is that once a hacker guesses your master password, then they have all of your passwords, no matter how "secure" you think they might be, all in one convenient place in the password manager account.
storing passwords on a piece of paper is still the most secure option available, esp given the over reach of the current state that has access or backdoor to this info with a simple unwarranted request from one of the alphabet boys,
@@n3y3g04 what if the glow boys come to your house? they have it all. keepassXC is cryptographically secure, meaning even if the glow boys have your file, they cant get access to it, and anyone can audit the codebase and check for backdoors.
so really, no, a piece of paper is really not more secure. unless you just want to hide it from hackers.
@@owe9024 If the Glowboys come to your house with a warrant, your already pwnded, any digital info is not Safe, any intel or AMD processor in the recent years provides access to system data when system is powered off. You should review Intel ME Exploits and AMDs alike Tech. The more you know.
Great overview. Two more tips: most routers have a "guest network" setup where you can assign a separate SSID and password for guests to use your wifi which you can configure to not be able to access the (main) local network. Any IoT device you own such as a webcam should be placed on this guest network. And - a hidden SSID avoids the problem of wardriving by neighbors or unfriendlies. You covered the most critical stuff for normies, however.
I'm a normie when it comes to this topic, and I just used the tips in the video to setup my router. But I have a question: Does my router have this "guest network" setup when it's configured to be an access point for another router?
@@Benjamim600 Post the make and model # of your router and we can take a look at online manuals, docs, etc My tp-link router has a guest network setup with its own SSID, and password.
@@Ootgreet1 It's a tp-link Archer C20 Version 5. I actually managed to set a new SSID(a "guest" one) within the 2.4G frequency separated from my LAN 2.4G with the Multi SSID option. The thing is, I cannot get any internet access through this new "guest" SSID, and I have no idea why.
I've been reading alot about routers and IP Adresses but I don't understand what is causing the problem.
A de-authentication attack can reveal hidden SSIDs via device probe requests if the attacker cares enough.
@@4x1Consciouskid so is hidden SSID worth it?
Question: why that specific logo? The cat with 4 eyes? 👀 👀
Yes why that logo
@Louis Loos could be, I was just curious :) maybe there is a different reason
I just bash my head against the keyboard a few times. Thats the most secure way especially because if you do it hard enough you will get a concussion so you won’t remember it anyway lol.
@Comentarista bash your had into your phone. Or if you have money to burn just smash it with a hammer a few times
if you don't remeber it then your also immune to the 5$ wrench method too!! 2 for 1 deal in opsec
I remember my college had a default password on main hub, good thing there weren't anyone who was smart enough to learn how to set malware on router level
CIA laughs
Thanks, TP-Link, for not allowing me to disable WPS completely...
Check if your model is supported by OpenWRT, then flash it.
@@CasualCodeChannel It's Archer C3200, so no.
Put glue in the wps button so you can't press it anymorr
I have some bad news for you buddy. TP link is a Chinese owned company. if you're watching this channel I assume you know that Chinese owned companies that make tech are not to be trusted at all. All your information is most likely being rented right back to the Chinese government because any company that's able to succeed in that country is an extension of the Chinese military. Get rid of that garbage as soon as you can.
@ oh shit
Well, VPN& TOR& DoH time
Dictionary in my country will be challenging if the users use the local language for passwords. Not only we have long words (compared to English words), on top of that we have 15 declinations of every noun which adds 1-4 letters to each root noun. And they occasionally modify the root as well.
When using dictionary attacks the lenght doesn't affect that much and declinations and such are still pratons that can be used when you create the dictionary so yeah it might be a little tricky but if the attacker is a native speaker it can be done.
@@saulbadillohernandez2749 it might take longer too with more permutations. So yeah, definitely annoying, especially if they don't know the language of your password, but not uncrackable.
Donaudampfschiffahrtsgesellschaftskapitän
le stupid websites not allowing non-ASCI characters
@@superslimanoniem4712 Hey, no password is uncrackable. Some just take longer to crack than others. I'm happy enough with longer ones.
You are a blessing for most people Mental Outlaw. Thank you.
Really, if you ever feel sad think you are the introduction to many, many people who are becoming everyday more passionate about these topics.
The big problem here is wifi routers that don't have firmware updates anymore. Do you have a wifi router + adsl with openwrt support to raccomend?
yes, this is a future video i'll be making, waiting for rona lockdowns to subside so I can purchase some routers from bby
Most cheap IoT devices do not get updates and should not be taken seriously :)
Ah yes, better wireless cable management. Very important. Only thing missing is RGB lighting.
GNU/Hurd immunity.
HAPPY 10K!!! You might remember me as Darkly Traveling Box but I'm leaving this here as a reminder that I was her since like 7k I think.
As someone getting into cybersecurity, this rundown is great, thanks
Damn does a physical master lock on my cat5 cable like that really work? That's tight.
Maybe not a master lock lol. Another model is possible, though I haven't tried this innovative method.
But does it make any meaningful difference to mix upper/lower/special/number, etc, when the password is sufficiently long? I mean, if I only use lower alphabets, if my password is 10-characters long, the possibility is 1/26^10. If I use all those weird things, it will be 1/(26*2+10*2)^10. The former is 7.0e-15 the latter is 2.6e-19. Isn't 7.0e-15 already too big to try with brute-force? Even if a hacker can try 10,000 per second, it still takes 10,743 years.
the thing is 10,000 per second is VERY slow in terms of pw cracking. Even in my PC which only has an i7 4790k and a gtx 970 I can do seceral million every second. Someone, or a team with a cluster of modern GPUs can do billions or even hundreds of billions.
@@MentalOutlaw For local attempts like finding the password for a ZIP file, one could do billions of trials per second, but isn't in case of finding Wi-Fi password, the speed limited by the communication speed with the router? Can a router respond to that many attempts in a second?
@@MentalOutlaw Much more for Intel dudes with all the computing power in the world!
@@typingcat I think cracking happens on the local machine using recorded packets
@@typingcat No sir. EAPOL packets are captured and that is the key exchange. It will be worked on offline
Hi, don't you think about creating a video about your thoughts on Mac Os and on Apple devices in general?
about WPS
id like to thank you for alerting the viewers to turn it off
in all the diagnostics ive run in many routers i saw that i managed to get their password by using pixie dust on like, 90% of them
pixie dust is a method that can get the routers password by exploiting a fail that comes "built in" on the devices hardware
the only 2 ways to prevent this attack is by buying an expensive router (lots of cheap routers are vulnerable to it) or by disabling WPS itself, which is the most preferrable
if i would run a security check into a router, pixie dust would usually be the 1st method i would try since no matter its password security, it will give me its pin number in a matter of seconds
and once someone has your pin, they will always have your password since any hacker can send the pin to the router and the router will just hand the password over to the hacker
Do you even OpenWRT?
6:05 to make it even better, you can make your 5G band invisible so nobody even knows it exists while you secretly get 5x the speed lmao
I'm a little confused and looking things up on the web has shown no results. If linux has all ports closed by default how am I able to ssh into another linux computer? Shouldn't it be blocked then?
4Chan Party Van: There's no shaggin in this wagon....
Mental Outlaw and Luke Smith are the realest....
Your contempt for letter agencies is refreshing tbh, you don't see it enough on youtube (hmm wonder why)
hei, great video! I was wondering what if some device only supports WPS? For example wifi signal repeaters, although with those I don't think there is a pin involved since you can only press one button...
im not sure myself since i never messed with repeaters
but if you have to use WPS on repeaters, it means your router also has to use WPS
the problem is... if someone can get your routers WPS PIN...
depending on your router model it can be laughable easy (i figured out i can break my home wifi using it in mere seconds)
and if a hacker has the pin, even if you change passwords, the router will give him the new password, cuz he has the routers PIN code
Actually, the WPS PIN key space is 11,000, as the last digit is just a checksum and can be generated on the fly.
I was hoping you would mention swapping out the router firmware with DD-WRT or OpenWRT + not broadcasting your SSID, and finally creating a VLAN for guests. But other then that its ok advise I guess.
Eh, not broadcasting the SSID isn't really a security measure. Anyone sniffing packets flying around will learn your network is there and just not broadcasting its ID right quick. And then they'll, of course, have the SSID. You'd only stop the dumbest of script kiddies, and even then you're going to potentially increase power usage on all your devices. Not worth it, imo.
@@liesdamnlies3372 sure of course, however security is a "set of things" such that there are a set of "best practices", for example not having SSH on the standard port, or not using "admin" as the username as well as many other standard techniques, does any of those things mean that it's impossible to bypass? NO what it does mean is that it "harderns" your system through a set of practices.
If you noticed I not only mentioned about disabling the SSID broadcast (standard practice for security hardening) but also having a segregated vLAN, there are of course a lot more techniques you could apply but it's a very good starting point.
But of course whatever security hardening measure you deploy one could argue that some determined attacker can always defeat it, but of course you have to keep things into context, as the hardening increases so does the skill level which makes it less and less likely.
@@Anhar001 security through obscurity is not security
@@liesdamnlies3372 how does it increase power usage?
Wtf with the girl in the park analogy hahaha
How to secure wifi? You cant, WPA2 has the KRACK vulnerability and WPA3 isn’t widely available and also has its own vulnerabilities and its brand new. Wifi isnt secure.
First, to say thank you! :-) 👍👋
I never understood why coffeshops are able to provide free internet access, doesn't that grant complete untraceability for bad actors? Whose liability is it if some illegal activity is traced back to the coffee shop's IP address?
Everyone is universally praising the video but I believe you've missed 2 very major components. IDK maybe I am just talking out of my ass so I might be wrong, but regardless -
You mentioned that you can set different passwords for 5ghz wifi and 2.4ghz wifi. It could be possible that you're router is different than the ones I've used, but both broadbands connect you to the same network. That is - devices on 5ghz network will be able to see and communicate with devices on 2.4ghz network. It not a good way of protecting the network at all. The correct way of doing it is via guest network. Every single router I've owned, even the decade old ones with just 2.4ghz antennas had this feature.
How this works is that you have your private network which only has your devices on it. And you setup a guest network with its own SSID and its own separate password. In fact you can have a 5ghz and a 2.4ghz network for your private network ALONG with 5ghz and 2.4ghz for your guest networks. It obviously might depend on which router you're using but your guests won't have to be on the pleb speeds at least. Security here is achieved in 2 ways (afaik at least. 3 routers I have set up guest network on handled them differently)
First one is creating an entirely different network. So your private network might be on 192.168.0.xxx and your guest network might be on 192.168.1.xxx. And your router will not let the devices on guest network talk to devices on your private network. The newer TP router I have keeps both devices on the same network but won't let them talk to any other device. This is what the router says -
"
- Allow Guests To Access My Local Network - If enabled, guests can communicate with hosts.
- Guest Network Isolation - If enabled, one guest can not communicate with another.
"
Another neat thing you can do is to disallow accessing the router config/admin page to just a limited set of devices by whitelisting a MAC address. The way I have set it up is to whitelist only my computer, connected via a cable to be able to access the router admin page. People on your guest devices can't access the router admin page anyway, but this is just an additional layer of security. Of course they can spoof my MAC address but its better than nothing.
Welp I don't really know a lot about this. This is everything I learnt from reading the router's help articles so I might have outdated information. But one thing I can say for certain is creating separate passwords for 5ghz and 2.4ghz network will do absolutely nothing in terms of network security.
You know it is the last stop, the final and ultimate guide to it when mental outlaw puts emojis on the title.
That white TH-cam make me blind xD
Keep it secret, keep it safe.
How about using MAC address filtering? I had a pretty strong password that had only characters, symbols and numbers and still got hacked... but since I enabled mac filtering, no one has been able to connect to my wifi... by the way, if someone knows the shared key, is it possible to hack any strenght password with that? Cheers....
Some of the easiest WPA2: Charter/Netgear, Phone numbers. Phone numbers are easy as they are all digits and you know their area code already. Charter/netgear, there is a word list out there with all the adverbs, nouns, numbers.
What I needed was the thumbnail, bye gotta try it if it doesn't work imma sue you.
What's a globoy?
Nobody's gettings access to those ethernet ports with that padlock in the way.
Hi can you create a video about self-hosting?
"2.4 GHz pleb frequency"
I giggled 😄
For plebs who don't know, You can host a private hotspot on your wifi network using wpa if you have some older consoles/devices that dont support wpa2 without making your entire network insecure.
Ras Pi is great for wifi to ethernet
@@randykitchleburger2780 only the Pi 4 as the previous versions only support 100MBit/s ethernet
@@wishihadablog For sure, Tried on my 3B and it's like 10Mbps. 4 easily does over 100.
@@wishihadablog in practical terms if we're talking about something old enough to not support WPA2 I don't think it matters if the throughput of the pi is only 100mbps... just saying
thanks for the tip basil
“The spooks in her network”
Great Video Brother, keep up the good work and thanks for the relevant to current scenario of cyber security videos!👍🏼
Just a few doubts and concerns I have, I hope you see and clarify the same:
Okay, so say I'm going the fully wired route even for Mobiles, maybe few if unavoidable encrypted WiFi, now to mitigate ISP/Intel (yeah "GLO" folks on my Court Cases list) tracking of person's Devices MAC IDs IPs, IMEI/IMSI, Sim IDs etc on the network,
1. Should one connect another personal router/modem and bridge the Connection from ISP router disabling/turning off WiFi, DHCP, WPS, so that you're only using ISP Router 1 for source of internet(entry/exit point), but from own Router 2 only the DHCP, routing, IP Allotment, MAC Filters(Allow only listed devices/deny all else) and what not begins.
2. From Router 2 Followed onto >Network Switch/es or VPN Router/s be connected for added layers of security, so say USB port 1 is external HDD for Network File Sharing Server, Printer goes Wired to 2nd USB port in Router 3(network printer)which contains own Interface VPN! Is that safe? Other routers do I need to install OPEN-WRT DD-WRT on them if available? Does a Network Switch need OpenSource Firmware installed on it or the OG interface and firmware should be fine? (D-Link DES-1210-28P Model)
3. What are the benefits/cons(if any recurring costs) of adding a Physical Firewall device(or PfSense/OPNSense PC/low powered laptop/PiHole firewall/file&email server OS device) to this mix?
4. Will that firewall device be placed prior to the ISP router or since Optical Fibernet Connections port won't be on the Firewall Device, connected to the ISP modem/router before it goes to the network, I'm guessing the latter by logic, would highly appreciate it if you/anyone else too could please let us know your thoughts on such a setup.
Let's just say for a Whistle Blower/Criminal Investigative Journalist/Reporter Level kind of Setup, what sort of a streamlined secured network setup will you implement, what OSs on Devices(PCs/laptops) ROMs for Mobiles would you suggest (could you make a video please maybe) where there will be little to NO room for chances of leaks/hacks or risks of MITM/DDoS attacks in said network setup!
I'm not sure, if you'll read/answer this, but I've seen most of your videos are close/closest to the topics I'm looking for so hopefully I get to see a/some video/s on this soon! Much appreciated! Take Care and God Bless!👼🏽🕵🏼🇮🇳🗺️👍🏼🙏🏼
I wouldn't put the plebs on the 2.4 GHz channel, because it can actually end up slowing down the rest of the network; e.g. they drop many more packets and end up using more bandwidth than they would if you just let them use the 5 GHz channel. The 802.11ac has vastly superior QoS
People really should consider having a separate, managed guest network. A lot of routers support it. You can also set certain devices to priority in most settings menus.
Will you.... will you marry me?
10:30 just HIDE your SSID
my isp router has a really horrible password of 12345678 (I want to completely disable its wifi hince i have router)
dumpsterfireOS™
is he the "casually explained" guy? he sounds like him
My first language is Georgian, if somebody going to Hack it in Austria 😆 i would love that person, because it means he learned Georgian ❤️
Thanks for the tips, thumbs up!!!
This was very helpful, thank you! I am looking to buy a new router to replace my old one, do you have any recommendations? Preferably one with a security focus..
let's appreciate him he put effort into his videos
Are you saying that
User: admin
Password: admin
Isn't hacker proof?
1. Set maximum transmit power
2. Set your password to ""
You forgot swapping the routers antenna for an omnidirectional one and putting it on the top of your roof. Don't forget using DDWRT and increasing the power output to that of your microwave
Advanced option is to get vlan capable networking equipment and isolate your wifi in a DMZ and block all non DNS requests to your firewall from that vlan.
🤔🤔 I wonder if mixing and matching languages would add some extra level to passwords.
How about guest networks?
All networks should have a password. Otherwise open wifi is straight up unencrypted
i am a noob, and need some help securing both machine and networks ... am able to read and follow directives.. THANK YOU IN ADVANCE
Your voice sounds so clear in your videos, what audio equipment do you use?
I'd say either a external Audio Interface or a Good Sound Card with a dedicated Mic amplifier and decent isolation, of course a high quality XLR Mic is probably the most logical choice to pair with.
These days you can get a great Audio setup for your Microphone for under £70, and I mean seriously good. Price's of these types of products have dropped massively since the mid-00's
Thank you very much bro🔥🔥🔥
How about using a chain of random words as a password? How sophisticated are the dictionary based cracking tools?
"For bible study" HHMMmmm.
why do you have cringe emotes on your thumbnail man 😫😫😫😫
"pleb frequency" I died. :D
I'm new at this. What he mean by this?
Disable SSID Broadcast, if people cant see your SSID it's harder for them to guess the name as long as you don't make it obvious.
true, but that's more "security through obscurity" basic wifi analyzers can uncover a hidden ssid
@@MentalOutlaw Fair enough, this is something additional that the normies can do to make it harder for the basic skiddie to remote to their router.
My favourite thing is to switch some of my favourite words into binary
why the thumbnail is literally putting a lock on ethernet cables
And there are also people who use the password as their *city* password which isn't secure lol...
@ 13:00 ROFL, pictured the actual dumpster and flames.
How about hidden SSID? Does it add any layer of security or am I doing it for no reason?
let's appreciate he's work he put in his videos..
Apparently you need to put a lock around your lan cables...
F@ck, I thought not using the same password for my accounts was enough to secure my internet activity, never expected this was a rabbit hole...
I do a randomly generated one of 64 bit characters including symbols.
On top of that, I have a separate network for visitors and iot devices that is totally blocked from having access to my main network.
I set my ISP modem to bridge mode, then have OPNsense as my gateway, set my routers to access point mode.
My OPNsense box has 4 ports with each firewalled off from each other. The IoT/guest network is only allowed to get DNS and connect to internet but cannot do anything with other networks.
I change my passwords every 3 months
Sec-ops is a vital part of Linux users life! Listen to the advices!
Yeah, I'm not smart enough to understand this
Don't forget that evil twin attack.....
default gateway 192.168.0.1 pretty much never happens its 1.1 just like in the vidjea
stock/factory configurations is the security problem here. its literally so common because humans are lazy and uninformed.. which makes it an opsec issue imo but u cant really expect the whole world to be good at opsec so the most vulnerable part of the human race is basically most of it. give it some time and i think ppl will catch on to cyber security.. but right now the hackers have the floor.
My default gateway is Not whatever he said.
If you just dont do any suspicious things, the party van will never come even if they know all about your internet history.
13:00 The disrespect is so casual and brutal.
Could you please turn your videos into podcasts as well?
my wifi password is password. How ridiculous right.
Im letting him down... im not wicked smart :(
ok but why tf is the routers letting someone probe for passwords 80k times a second? Most websites, and like every phone/tablet ever, only let you guess x number of times before it locks you out for x amount of time. Why would routers not also include this basic security feature.
It actually doesn't work that way. It works by capturing the handshake for your router and than using any method to crack a hash.
@@ironosenshicas How do you prevent capturing a handshake?
what about a dedicated router like pfsense or sophos?
air cerack ng!!!!!!!!!
OMG He said herd mentality LOL
5:00 or you mean everytime you connect your xbox
oh guys try looking at the nose on the smiley for like 2 min then look at a white wall and blink a couple of times
Weird flex, but okay.
You're goddamn right!
What do you mean by "party van"? I'm sorry I'm uncultured
Fbi
Playback speed 1.5x
🙏
Easy don't have one...
Good video. Thanks.
6:30 wifi exploit?