Question wap configuration security

mike_abc

Distinguished
Jan 27, 2009
1
0
18,510
Hi,

The connection between the computer I use to configure the WAP on my home LAN is not encrypted - http instead of https.

Obviously, all the data I send from computer to the WAP, including a new admin username/password etc. can be seen by anyone/anything
intercepting my network traffic. Or can they ? I am no network security specialist, so this is not clear to me.

Is this a legitimate concern ? Are there solutions (like a better, more technologically advanced WAP) ?
 
Did you typo that or do you mean WPA. WAP tends to mean wireless access point but has a couple other meaning.

The various versions of WPA are what is commonly used to encrypt the data between the router and the end device.

Unlike years ago almost all router come with WPA encryption enabled you have to manually set it to a open network with no encryption and you get a warning if you do that.

Now wifi encryption is removed as soon as the data gets to the router so as the data passed out of your router to say the modem and the internet it is no longer encrypted. That is why everything uses HTTPS. So even if someone were able to decrypt the WPA they would then run into the HTTPS encryption.

Now theoretically if you were to run on a non encrypted wifi and you used HTTP rather than HTTPS someone could intercept the data. They have to be very close to your house and even then it is very tricky compared to old days. Stuff like mimo and all the overlapping data streams means it is very hard to get a good capture. This is not like the old days where you could sit in a coffee shop and steal people facebook accounts.