You are here: Home » Forum
Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: X32 and WiFi security

  1. #1
    Junior Member
    Join Date
    Apr 2013
    Location
    Southwest Ohio
    Posts
    7

    X32 and WiFi security

    What, if any, provisions are there for security between the X32 and any wireless remote controllers like an iPad? If I were to bring my own iPad to a show, is there anything that would prevent me from sweeping the network to determine the IP addresses, then plugging the X32's IP address into my own copy of XiControl and messing with the board?

  2. #2
    Senior Member
    Join Date
    Apr 2013
    Location
    Jaffrey, New Hampshire Lat/Lng: 42.8129750,-72.0248270
    Posts
    553

    Cool

    This is weird I was thinking the same thing today.

    I got my eye on you, Phil.
    ♫♪♫ I have a fever and the cure is cowbell ♫♪♫ .......... *LIVE FREE OR DIE* .......... ♫ I'm all ears ♫

  3. #3
    Super User
    Join Date
    Dec 2012
    Location
    SW Ontario Canada
    Posts
    2,712
    Most modern wireless routers have lockdown filters available for wireless.

  4. #4
    Senior Member
    Join Date
    Apr 2013
    Location
    Jaffrey, New Hampshire Lat/Lng: 42.8129750,-72.0248270
    Posts
    553
    Quote Originally Posted by Paul Vannatto View Post
    Most modern wireless routers have lockdown filters available for wireless.


    I know but think of the odds of finding an open one, Paul.
    ♫♪♫ I have a fever and the cure is cowbell ♫♪♫ .......... *LIVE FREE OR DIE* .......... ♫ I'm all ears ♫

  5. #5
    Junior Member
    Join Date
    Apr 2013
    Location
    Southwest Ohio
    Posts
    7
    Quote Originally Posted by Paul Vannatto View Post
    Most modern wireless routers have lockdown filters available for wireless.
    Yes, they do. And it would be a best practice to make certain that the WiFi router was running WPA2 security, so that some random person at a gig wouldn't be able to connect to the router. But you can't count on that - not everybody knows they need to set router security. Pretty much every smart phone in existence has the capability to connect to any WiFi router it can see, which would certainly include the WiFi that the X32 happened to be on. That means every gig will be loaded with people who have the hardware to potentially mess with your network. You can't count on all of them not having the motivation.

    I do network security in real life, and that means looking at security exposures wherever they might be found. This is a security exposure. Ideally, the link between the X32 and the iPads would be authenticated at a minimum. Encrypted would be better, on top of what the wireless link provides.

  6. #6
    Super User
    Join Date
    Dec 2012
    Location
    SW Ontario Canada
    Posts
    2,712
    But if you lock the wireless completely down, assign a static IP address to the iPad or laptop and only allow that IP address - would that not eliminate any potential of someone else fiddling with your mix?

  7. #7
    Junior Member
    Join Date
    Apr 2013
    Location
    Southwest Ohio
    Posts
    7
    Quote Originally Posted by Paul Vannatto View Post
    But if you lock the wireless completely down, assign a static IP address to the iPad or laptop and only allow that IP address - would that not eliminate any potential of someone else fiddling with your mix?
    It reduces the attack surface, yes. It does not eliminate the possibility of attack, though it will likely raise the bar enough to deter casual vandalism. However, this requires that the person setting up the X32 realize that a WiFi attack potential exists and is capable of implementing router security.

    The need for extra security in the router would be vastly reduced if there was authentication between the X32 and the remote controllers -- a shared password would help enormously here. This is obviously something that could be done with a firmware upgrade. In the mean time, I'd recommend to Behringer that they should issue a 'best practices' document someplace that lets users know they should practice 'safe networking.'
    Last edited by Phil Reed; 04-30-2013 at 12:09 PM. Reason: clarification

  8. #8
    This is quite simple IMHO.

    The first thing to do is setup your wireless router to use WPA2. At this point, anyone at the gig will be able to SEE your wireless network, but will not be able to connect to it without your password.

    If you are really paranoid about people being able to see your connection (IMHO someone would really have to want to screw your gig up badly in order to break the WPA2 encription and log-in), you can always make your router invisible. This is also a simple setting called "discoverable". This makes it harder for you to hook up devices yourself though, and I don't usually want to hassle with it myself.

    Finally, you can restrict access to your router by MAC address which limits the devices that can connect only to the ones you specify.

    My personal opinion is that you only need WPA2.

  9. #9
    I've read that the security protocols make the connection more finicky, and as such the best approach is to just disable the SSID broadcast.

  10. #10
    Nothing in wireless is really secure.

    But you need a lot of know how, time and technical equipment to hack a careful configured router.

    My experience over years and approximately 1000 routers is to consider following points:

    Switch off WPA, only use WPA2 (please check: Some units cannot switch off WPA)
    Hide your SSID
    Switch on the mac-filters
    Limit the working ip's tto the necessary numbers (one for console, one for ipad?)
    Use strong passwords
    Use routers with timeouts when connect with wrong password

    If you consider all this points (seems a little bit paranoid) a very good equipped hacker with good knowledge will need days to get access to your wlan.

    A very secure way is to use an additional VPN between the ipad and the router. In this case you had to configure a firewall on the router. So if your password is hacked there is still no access to your console.

    This article describes how to hack wpa/wpa2:
    http://www.scmagazineuk.com/wifi-is-...rticle/119294/

    Hacking happens mostly about two reasons:
    Earn money or be a hero!

    I think that hacking a X32 cannot be sexy enough to legitimate the big effort.

    Hope it helps

    P.S. I used in most cases Microtik routers. Till now, I have never heard that this units are hacked.
    But this units better be configured by an professional.
    Last edited by Fritz Knig; 05-02-2013 at 05:22 AM.

Page 1 of 2 12 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •