Announcement

Collapse
No announcement yet.

Off-Topic: Is WiFi secure for tax work

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    #16
    I suggest you speak to the IRS

    The publish a guide on security.

    The ideal scenario would be.
    Hard wired No wireless.
    strong password (complex ) on the computer.
    The hard drive on the computer should be encrypted.

    However....
    If you do use wifi

    Use WPA2/personal.
    The SSID. should be hidden.

    The SSID is the name of the network you are connecting to.
    With it hidden you have to know what it is - extra security - .

    The password should be at least 8 characters. More=better. (complex)
    Complex = upper and lower case characters as well as at least 1 number and/or Special Characters [$*!_<) etc]

    And yes. To be totally secure the MAC address should be configured into the router so only that PC or Device can access.
    The MAC address is like a street address embedded into the hardware and cannot be modified easily (if at all) - I'm sure you can spoof!!
    Last edited by MAJ; 12-17-2013, 02:15 PM.
    Matthew Jones
    Tax Preparation
    Computer Consultant


    Tax Season is here!
    Make sure everything is working, extra ink or toner is available, Advil in top drawer!

    Comment


      #17
      Originally posted by David1980 View Post
      I don't think we're talking about the same thing. Computer G being some other random internet user could be located anywhere on the planet. I think you're talking about someone physically near who is within range of my wireless router (perhaps a neighbor) - not a random internet user.
      It wouldn't occur to me that a computer elsewhere on the planet would even enter the discussion. The obvious problem with wifi is someone sitting in a car, or in the coffee shop next door, trying to crack the wifi.

      Originally posted by MAJ View Post
      Use WPA2/personal.
      The SSID. should be hidden.
      It doesn't matter whether it's WPA2/personal or WPA2/enterprise, although very few small offices will have the resources to manage the enterprise version. Thus all you really need to remember is WPA2.

      As for hiding the SSID, that's debatable. When SSID broadcasting is on, your wireless router broadcasts the network name all the time so everyone can see it. When SSID broadcasting is off, your wireless computer/smart phone/printer/etc. broadcasts the network name so everyone can see it, but only when they're not connected to the network. This would be rare for the fixed devices, but common for smart phones. Search for "said broadcast disabled vs enabled" to find lots more discussions.

      Finally,
      And yes. To be totally secure the MAC address should be configured into the router so only that pc or device can access. The mac address is like a street address embedded into the hardware and cannot be modified easily if at all.
      more later.
      The MAC address is easily spoofed. See https://en.wikipedia.org/wiki/MAC_spoofing . In fact, back in the very early days of cable internet, we had a cable modem quite capable of locking to a single MAC address client, as the cable company still labored under the dream of charging us for each computer hooked up to the net. But we also had an ordinary, off-the-shelf consumer router that had MAC spoofing built into its configuration menu, so that the router could pretend to be the computer that made the initial connection through the modem. Legal, as our particular cable company never used the MAC address limitation (as far as I know), even though they had the technical ability to do so.

      Which is not to say that there's never a cause for configuring MAC addresses into the router. For a wifi network, it's silly, as anyone smart enough to crack the WIFI password will be able to spoof the MAC addresses. For a hardwired network, it can be useful to prevent the unsophisticated dishonest employee (or others) from sneaking a device onto the network. But if you're worried about that, you should also be investing in computers that lock the various cable connections behind a door. (See http://krebsonsecurity.com/2013/12/s...-sale-skimmer/ for some scary info.)

      Comment


        #18
        Originally posted by Gary2 View Post
        It wouldn't occur to me that a computer elsewhere on the planet would even enter the discussion.
        It'd be an absolutely insane concern - however, it's how I read Roberts post, initially. That using wireless would cause local traffic to bounce around the internet. Reading it now, it's obvious he was comparing local traffic to internet traffic not saying that wireless causes the local traffic to become internet traffic. Perhaps I hadn't had my coffee.

        But if you're worried about that, you should also be investing in computers that lock the various cable connections behind a door. (See http://krebsonsecurity.com/2013/12/s...-sale-skimmer/ for some scary info.)
        I agree, the physical security can't be ignored. If the goal is to obtain a bunch of social security numbers and identifying information most likely to do identity theft, a smash and grab is probably the easiest way to achieve that. How many people are keeping their server and file cabinets physically locked up? I'd be concerned about that, especially in Florida.

        Comment


          #19
          Speaking of Computer Safety and the IRS......

          IRS Specifications for computers and Tax Preparation.



          However.......
          United States Treasury, IRS, taxpayers, image, Treasury, 2008, vulnerabilities, photos, credit, computer security, front, recommendations, computer systems, security, jpg, fronts, tech, specification, Financial Management Service, refund, Article, 6053651
          Matthew Jones
          Tax Preparation
          Computer Consultant


          Tax Season is here!
          Make sure everything is working, extra ink or toner is available, Advil in top drawer!

          Comment


            #20
            Originally posted by Gary2 View Post
            It doesn't matter whether it's WPA2/personal or WPA2/enterprise, although very few small offices will have the resources to manage the enterprise version. Thus all you really need to remember is WPA2.

            As for hiding the SSID, that's debatable....
            While I might be inclined to argue the relative security of the personal and enterprise implementations of WPA2 in a high-assurance environment, I agree that, for purposes of tax preparation, the distinction is not important. If you find by some quirk that you can avail yourself of WPA2/Enterprise, so do. If not, WPA2/Personal is quite robust. Standard WPA is more vulnerable, and the implementation of basic WEP is so weak that to enable it at all (if you have a router that still supports it) would provide only a false sense of security.

            Hiding an SSID is like locking a screen door: it deters only those who both dishonest and technically inept. ;-)
            --
            James C. Samans ("Jamie")

            Comment


              #21
              At the bare minimum you must use MAC authentication so that only those devices that you have allowed to log in can log in. In addition to using WPA or WPA2 and hiding SSID.
              Taxes after all are the dues that we pay for the privileges of membership in an organized society. - FDR

              Comment


                #22
                Originally posted by ATSMAN View Post
                At the bare minimum you must use MAC authentication so that only those devices that you have allowed to log in can log in. In addition to using WPA or WPA2 and hiding SSID.
                I don't oppose the use of MAC filtering or hiding SSIDs. It's just that a semi-knowledgeable attacker -- a "script kiddie," as some say -- with a simple tool will be able to siphon the SSID and spoof a MAC known to be in-use on the network.

                Also, whether using WPA or WPA2, the largest attack vector is the Wi-Fi Protected Setup (WPS) feature that accompanies most WPA/WPA2-capable devices to make it easier to establish connections. WPS affords a mechanism for sharing the secret key without having to know the secret key, and it does so on the basis of a relatively simple passcode, which has the effect of allowing an attack to bypass a very strong passphrase by attacking a weaker one.

                Bottom line: wireless networking is fine as a concept. There's no reason it can't be as strong as wired networking when it is properly implemented. But it's easier to make a mistake that leaves your network vulnerable when you're communicating wirelessly, because outsiders can listen to the network's internal traffic without having to gain physical access to the infrastructure.
                --
                James C. Samans ("Jamie")

                Comment


                  #23
                  Really?! Do you really think someone would be interested in hacking your measly little business when they could hack the IRS or the bank down the street? If your wifi is protected by a password, unless the ex spouse is looking for the former spouse's return and knows you prepared it...I wouldn't sweat it.
                  Believe nothing you have not personally researched and verified.

                  Comment


                    #24
                    Originally posted by taxea View Post
                    Really?! Do you really think someone would be interested in hacking your measly little business when they could hack the IRS or the bank down the street? If your wifi is protected by a password, unless the ex spouse is looking for the former spouse's return and knows you prepared it...I wouldn't sweat it.
                    It's true that I've never heard of anyone's wifi being hacked to get data from a tax office, but I have heard of computers being stolen for the tax data. Apparently it's easier to break and enter the typical tax office vs. the IRS building or a bank...

                    Comment


                      #25
                      @taxea: The question asked was whether it was "secure" for tax work.

                      I'm not in a position to estimate the threat/probability of an attack being directed against the network. The only part of the equation that is within the control of the business is its level of vulnerability, which is a function of what security it has in place. So, I'm saying that MAC filtering and SSID hiding are both check-the-box activities, whereas WPA2 provides reasonably robust security.

                      I see it as due diligence.
                      --
                      James C. Samans ("Jamie")

                      Comment


                        #26
                        Stick to Wired Networking

                        My office is still on CAT 5 cable networking with a linksys router/hub. I do have Wifi but do not use for tax preparation.

                        If you will notice that most computers will shut off Wifi automatically as soon as it detects the ethernet cable plugged in and alive.
                        Taxes after all are the dues that we pay for the privileges of membership in an organized society. - FDR

                        Comment


                          #27
                          Wifi and Computer Safety

                          At our office we had our computer tech set up a guest portal. They have access to the internet that way. According to our IT guy it's safe.

                          Comment

                          Working...
                          X