Question Shared wlan security

[Agrum]

Hi, I just moved in a new flat in a small renovated building with 6 flats in Germany. The landlord is providing me a WLAN connection but since I don't see any routher in my flat, and since the WLAN nome is "top floor", I think that this is shared with other tenants (at least with the neightbour on the same floor).
I am a bit worried about my privacy but I have no idea of how easy can be to access data by just knowing the WLAN password.
Do you have any advice?

 

[EyyMunchian]

Hi, I just moved in a new flat in a small renovated building with 6 flats in Germany. The landlord is providing me a WLAN connection but since I don't see any routher in my flat, and since the WLAN nome is "top floor", I think that this is shared with other tenants (at least with the neightbour on the same floor).
I am a bit worried about my privacy but I have no idea of how easy can be to access data by just knowing the WLAN password.
Do you have any advice?

Use a VPN, WLANs with a password DO have data encryption but you never know what your sneaky neighbors might be up to. Someone on the network can sniff information.

 

[Agrum]

Use a VPN

I forgot to say that I also have a ethernet socket in my flat so I could place an access point o something else but I have no idea if this will help somehow

 

[EyyMunchian]

I forgot to say that I also have a ethernet socket in my flat so I could place an access point o something else but I have no idea if this will help somehow

You can, but if the flat's networking technician is worth their salt they would have disabled non host (routers, switches, hubs, etc) device access to those ports. You can certainly try. I would ask the owner first.

 

[hotaru.hino]

Treat the network as any other public network.

To start, make sure the network is flagged as public. This hides your computer from others in the network and changes the firewall rules to prevent some apps from accessing the network (you can change this). See https://support.microsoft.com/en-us/windows/make-a-wi-fi-network-public-or-private-in-windows-0460117d-8d3e-a7ac-f003-7a0da607448d#:~:text=Select the Start button, then,Public (Recommended) or Private.

You can also use a VPN if you want, but if you're connected to a site via HTTPS, the data is encrypted anyway. And if the site isn't HTTPS and requires sensitive information, go somewhere else.

 

[Agrum]

Treat the network as any other public network.

To start, make sure the network is flagged as public. This hides your computer from others in the network and changes the firewall rules to prevent some apps from accessing the network (you can change this). See https://support.microsoft.com/en-us/windows/make-a-wi-fi-network-public-or-private-in-windows-0460117d-8d3e-a7ac-f003-7a0da607448d#:~:text=Select the Start button, then,Public (Recommended) or Private.

You can also use a VPN if you want, but if you're connected to a site via HTTPS, the data is encrypted anyway. And if the site isn't HTTPS and requires sensitive information, go somewhere else.

Thank you for the suggestions.
What about mobile phones? How vulnerable they are?

 

[hotaru.hino]

Thank you for the suggestions.
What about mobile phones? How vulnerable they are?

I'll need to verify with my phone and iPad, but I'm pretty sure they don't show up on the network. So my assumption is they're not discoverable either. Though keep in mind "not discoverable" doesn't mean if someone knows the IP address, they can't ping it. They can still ping it and get a response. But keeping the computer undiscoverable makes the computer refuse more attempts to do something with it in the network by default.

Also I should clarify the last statement I made in my post. The actual data payload when connected to an HTTPS website is encrypted. If someone was on the network and sniffing packets, they can still tell where the packets are going. A VPN will mask this.

Also I don't know about the data from applications, like say games. But I hope if they require a login they've done their homework and implemented some basic security.

 

[Agrum]

I'll need to verify with my phone and iPad, but I'm pretty sure they don't show up on the network. So my assumption is they're not discoverable either. Though keep in mind "not discoverable" doesn't mean if someone knows the IP address, they can't ping it. They can still ping it and get a response. But keeping the computer undiscoverable makes the computer refuse more attempts to do something with it in the network by default.

Also I should clarify the last statement I made in my post. The actual data payload when connected to an HTTPS website is encrypted. If someone was on the network and sniffing packets, they can still tell where the packets are going. A VPN will mask this.

Also I don't know about the data from applications, like say games. But I hope if they require a login they've done their homework and implemented some basic security.

Ok quite clear. Of course I hope that my neightbour is not a professional hacker, I just wanted to understand how much I should worried about and what are the things I could do 😀

 

[bill001g]

It likely is not a huge exposure as mention HTTPS is your main protection and be sure you have the security on windows set to public network. This will prevent them from say open a file share on your machine if you were dumb enough to use files shares with no passwords.

To intercept ethernet they would have to have a physical device in the path or have the router designed to intercept data.

Wifi is fairly secure even if someone knows or shares the password. This password better called a pre-shared key is only used at the very start of your session. It only real function is to allow your machine and the router to create a unique set of keys for that session. The preshared key is no longer used after that point.
So someone would have to capture the first couple message, figure out what the new generated sessions keys were....they are calculated not transmitted...and then use that to decode the data. The new WPA3 standard is designed to prevent that kind of attack even though many devices still only support WPA2.
You have to be a fairly hardcore hacker to try to intercept and decode encrypted wifi. It is extremely hard to even capture the raw data before you even get a chance to break the encryption. Most consumer wifi chipsets do not have the ability to capture data any longer.

 

[alceryes]

You could do a quick network scan.

SoftPerfect Network Scanner : fast, flexible, advanced

Fast multi-threaded IPv4/IPv6 scanner with an extensive range of options and advanced features for system administrators and general users.

www.softperfect.com

If you see other devices/endpoints, outside of your own, then you have multiple (all?) tenants on the same network. Definitely treat it like the public network it is at this point. Use a VPN. I would also ask my landlord to segment each rental unit in the router, or if you're really concerned, see about ordering you r own ISP.