Power Line Ethernet Adapter - Are they Safe?

[fusi0n]

Right now, I am using a Boxee Box and am loving it. However, it doesn't do too well with wireless 1080P content. I bought a brand new wireless router (Linksys E3000) and wireless bridge (Linksys 610) and still buffers a lot. With that said, I am looking into using power line Ethernet adapters. I hear they work very well. However, I have read that sometimes it can be a security risk. Like if a neighbor had an adapter they can use it to connect to my network. I know this is Tin Foil hat speaking but I don't want to expose my network to my neighborhood..

[Warbucks81]

They're fantastic devices. Many of the newer generation models come with security built into them. I'm currently using three D-Link 500mbit/sec adapters in my condo. I had the same issue, trying to stream 1080p content from my media server to my HTPC. Too much interference with all the access points in my condo.

It can be tricky to find a good outlet. I tested three outlets in my living room and only one of them synched at an acceptable speed for transferring 1080p content. The adapter in my living room syncs at 200Mbit/sec. The one in my bedroom syncs are 125Mbit/sec.

[philcruicks]

For when I know they're fairly safe...I mean your probably just as exposed having a wireless network...might be different if your in a flat or somewhere where the electricity is possibly shared...if you're in your own house it't probably fine....but as always there's no substitute for good old network cable.

[+Gary7 Subscriber²]

If all of your circuts are grounded, it would be OK. I would not try it on 2 wire circuits without a ground.

[Crisp]

Like if a neighbor had an adapter they can use it to connect to my network. I know this is Tin Foil hat speaking but I don't want to expose my network to my neighborhood..

What kind of 1080p content are you streaming :shiftyninja:

[drotaru]

as far as i know it has a very limited range so you should be fine against intruders , also what +Grinder says

[djdanster]

I use one on my main PC. It's great for latency but suck for speeds. On the power line adapters I get roughly 800KB/s. Over Wireless I can easily squeeze out over 2.5MB/s.

[shakey]

https://www.neowin.net/forum/topic/1043211-wireless-n-streaming-1080p-hd-movies-and-gaming-need-info-please/

Coming from first hand experience and using multiple methods, I'm very pleased with PLA's.

[briangw]

I had one but brought it back because it got really warm to the touch. Thinking it was bad, I swapped it out but the same thing happened on the other one. Not a big fan of them when they get THAT warm.

[AJerman]

I'm not sure how these work these days cause I haven't used a powerline network adapter in ages, but you still get a Cat 5 output and you would still use a normal router/switch, correct? If that's the case, I'd just enable MAC filtering on the router for security.

[+jamesyfx Subscriber²]

I've never heard of anyone having additional security concerns because of Powerline Adapters. They do the job they're supposed to - it's just a wired network via the mains.

The only caveat is that you cannot connect them to Surge Protected sockets, unless you're rich and can afford those special SurgeMaster ones that Belkin make.

[+BudMan MVC]

Traffic between adapters is encrypted, I do believe current standard is 128bit AES, I think older standard was DES, which would be fine as well -- so you should be fine. Normally single family type homes would have any issues with leakage to house next door, or anyone else on the grid.

But sure I guess if you using shared circuits it could be a problem - just make sure you change the password. Some models even have button to push to pair with other device, etc.

I have to think your tin foil hat is getting the best of you if your worried about someone listening in on your PLA traffic.

edit:

"I'd just enable MAC filtering on the router for security."

When and the Hell is his FUD going to die??? MAC filter by no shape of the imagination has anything to do with security, it can be used as a method of control yes, security NO!!!

[Gerowen]

edit:

"I'd just enable MAC filtering on the router for security."

When and the Hell is his FUD going to die??? MAC filter by no shape of the imagination has anything to do with security, it can be used as a method of control yes, security NO!!!

Well MAC filtering effectively stops unwanted users from accessing a network, so it is technically a security measure. No need to get all hyped up over semantics.

[+LogicalApex MVC]

Well MAC filtering effectively stops unwanted users from accessing a network, so it is technically a security measure. No need to get all hyped up over semantics.

Not really. If the attacker could listen on the wire all of traffic would be unencrypted (if there is nothing else on the wire to encrypt the traffic) and easily siphoned off. The attacker could then use that information to forge a valid MAC address for access or steal you data in passing without you ever knowing. As BudMan said, MAC filtering IS NOT SECURITY.

[Shadrack]

They are safe. I have some trendnet ones...but setting up the encryption was kind of a pain in the ass because the directions don't work. The directions say to enter the password that is printed on the label of the adapter in the utility, but for some reason that doesn't work. The only thing that worked for me was to connect each adapter directly to my computer and set the AES encryption and then go plug it into the spot I wanted.

They are safe enough to not have to worry about neighbors snooping, anyway...

As for speed, my 1080i content from my DirecTV DVR streams flawlessly to my computer whereas my 802.11g wireless connection was extremely flaky (sometimes it worked just fine, most of the time I had stuttering video problems that made it unusable).

Oddly I have a consistent 3ms lag through the adapters. I do wish this was better... I get higher bandwidth and a more consistent connection through the power adapters. I get lower latency through wireless (<1ms) with the occasional 10ms spike.

Not really. If the attacker could listen on the wire all of traffic would be unencrypted (if there is nothing else on the wire to encrypt the traffic) and easily siphoned off. The attacker could then use that information to forge a valid MAC address for access or steal you data in passing without you ever knowing. As BudMan said, MAC filtering IS NOT SECURITY.

QFT. MAC filtering shouldn't even be in the "security" tab of your router.

[fusi0n]

thank you for the responses.

[+Fahim S. MVC]

I have 4 in my house and the newer devices have security so that a new adaptor can join a network, by first holding a button on an existing device and then on the new device.

[+BudMan MVC]

Well MAC filtering effectively stops unwanted users from accessing a network

Says who -- what router are you using that setting a mac filter blocks anything to do with "WIRED" access

We are talking wired access here, ie PLA not a wireless client trying to connect to your AP and then passing traffic to other devices or use the internet.

Also lets say the router blocks access on the wired interfaces with mac filtering -- lets just say it does, but I can not recall ever seeing a soho router that provides that feature in any method that would be actually useful. Does he have another switch on the network? Even if mac filtering blocked access to the wired ports on the router, that does not stop any traffic between interfaces on the switch downstream where devices are connected.

Here for example is tomato.

Notice for one that it is not even in any sort of SECURITY MENU, and clearly stated as a "wireless" client filter.. And as already stated simple sniffing of the wireless traffic can get you valid macs to use, even if the wireless is encrypted - the macs are not.

So here is example that does support WIRED mac filtering -- but really want to point this part out about still having access to wired devices.

---

Grabbed this from help of dlink 655 emulator

http://support.dlink.com/emulators/dir655/133NA/Advanced.html#MAC_Address_Filter

Filter wired clients:

Apply MAC Filtering to devices that are physically connected to the network (as by Ethernet cable). Note that a wired device that is blocked cannot access the WAN and cannot access wireless devices on the LAN, but can still access other wired devices on the LAN.

---

So even with this router and no other switches that does support blocking via mac on its wired ports, it does not prevent access to the network. It only blocks access to the internet, and then wireless clients.. Guess that would be fine if he didn't have any wired devices.. But he is connecting his PLA to connect something to to his network via a wire, so there are clearly other wired devices on the network that mac filtering would not block.

Also keep in mind that it makes no mention of blocking access to the routers admin page - so could in theory hack the routers admin page and then turn off mac filtering.

Mac filtering is great as a method of controlling say your kinds from using the internet after 10pm, or easy way to turn off access to internet for your kids if they are grounded or something.

But as way of actually securing your network, ie security no -- not by a long shot, not at least in any form I have seen on soho routers.

Now in a fully managed or even smart switch setup, sure mac addresses can be used as NAC (network access control) Where you for say only allow specific macs to use a specific wired port, or prevention of unwanted devices from just plugging into your network.. But then again in that sort of setup any ports not being used should be OFF anyway. But sure works great as a "control" method of keeping users from willy nilly moving to different ports.

And in such a setup you might even want to use NAP (network access protection) where you require the client to meet specific criteria before they can access specific aspects of the network.

But again, since you can change the mac of your interface in 2 shakes, and there is no real way to "secure" the macs of devices that are actually using the network -- its not a real "security" method.

Like saying passwords are secure, if the passwords were posted on your computer with a postit and sent over the network in clear text at all times. Does not matter if the passwords were 100 characters long -- how secure would that be? Which is exactly what happens with mac addresses, they are transmitted in the clear both wireless and wired, and they are quite often printed right on the device. Simple IPconfig or ifconfig on linux will show you mac of that devices interface, do a simple arp -a and you can view every mac that device has been talking to on the network. Most every other device that does not have a real OS more than likely has the mac printed right on it - turn your router over and you should see both the mac for its wired interfaces and its wireless radio.

MAC Filtering is not a valid security method - control sure it has lots of uses, as valid security NO not in any sense of the word.

[AJerman]

Traffic between adapters is encrypted, I do believe current standard is 128bit AES, I think older standard was DES, which would be fine as well -- so you should be fine. Normally single family type homes would have any issues with leakage to house next door, or anyone else on the grid.

But sure I guess if you using shared circuits it could be a problem - just make sure you change the password. Some models even have button to push to pair with other device, etc.

I have to think your tin foil hat is getting the best of you if your worried about someone listening in on your PLA traffic.

edit:

"I'd just enable MAC filtering on the router for security."

When and the Hell is his FUD going to die??? MAC filter by no shape of the imagination has anything to do with security, it can be used as a method of control yes, security NO!!!

Well, since I was trying to suggest a way to not allow someone to just plug in and be on his network since, you know, that is what he asked about anyway, I'd say my suggestion was a pretty good one. When the hell are people going to learn to read would be a better question. At no point did I say that MAC filtering encrypts data transmitted in anyway, nor did the OP ever express concern that someone would tap his electrical lines to steal his data, he asked how to keep people from plugging in an adapter and being on his network.

Also, MAC filtering is absolutely a form of security, it's not a form of encryption, which is the word you're looking for. Please understand what you're talking about before you start going on a rant.

Now, I'll give you that there are limitations on the usefulness of MAC filtering, but for 99% of people's HOME network connections, those limitations are rarely an issue. You can definitely clone a MAC address and get on with MAC filtering, however someone would have to have physical access to one of your devices to get the MAC address to use. That's a fairly unlikely scenario unless you leave your doors unlocked or have a network device outside. MAC filtering is a very viable addition to the security of your network, but of course it's not to be considered a single method of totally securing a network. Others have mentioned that the powerline adapters encrypt the data, meaning encryption wouldn't be necessary, only blocking access.

Also, I'll give you that not all devices MAC filter in the same way, so depending on what router setup you use, it may or may not be as useful. I'm by no means knowledgeable about every router on the market, and most may not do mac filtering properly due to the design of unmanaged switches. Regardless, with the proper hardware, it is a very viable solution to keep people off your network.

Remember, there's a point where you can go overboard with security. If you have something on your network that's incredibly important that you must make sure no one gains access to, then yes, you need to have further network security, however, if you're trying to secure a home network from someone randomly plugging in on your network to get some free Internet, then you don't need fort knox security. I'm guessing that someone using powerline network adapters isn't doing too much on their network that people are going to take the time to break in when the person 2 doors down probably has wifi entirely open.

[rvbfan]

Safe and fast!

This is not your fathers powerline adapter.

[Roger H. Veteran]

Ok people - :argue: BudMan (and therefore me :D ) is right so we'll just end the discussion there. It doesn't matter what you've read or heard, fact is MAC filtering is NOT a security method.

Now back to regular scheduled topic:

I had the older ones and it worked good. It was the 80Mbps ones but got decent speeds with that too. 2-4MB/s so i enjoyed it. Can't endorse any recent ones as I haven't used them but I'd definitely trust them (based on my pass experience) without any worries. If my network wasn't in the area where I couldn't use cables now easily for the media server i'd definitely choose that over wireless especially the newer 500Mbps ones :)

[Churma]

As for being safe no problem, it will not work outside your home, and will not go beyond your own subpanel. The traffic between devices is encrypted as well. The only question is will it work for you? If you have romex and you only have one sub panel, chances are you should be good, if you have dimmers, sometimes those can cause noise on the line and effect your speed too.

[AJerman]

Ok people - :argue: BudMan (and therefore me :D ) is right so we'll just end the discussion there. It doesn't matter what you've read or heard, fact is MAC filtering is NOT a security method.

Now back to regular scheduled topic:

I had the older ones and it worked good. It was the 80Mbps ones but got decent speeds with that too. 2-4MB/s so i enjoyed it. Can't endorse any recent ones as I haven't used them but I'd definitely trust them (based on my pass experience) without any worries. If my network wasn't in the area where I couldn't use cables now easily for the media server i'd definitely choose that over wireless especially the newer 500Mbps ones :)

Ahh yes, ignorance is bliss!

[majortom1981]

mac filtering is security. Answer this what is the reason WHY you only want those mac addresses communicating with your router?

PS if the person knows enough to go around the mac filtering they will go around the encyption also.

[Brandon H Supervisor]

mac filtering is security. Answer this what is the reason WHY you only want those mac addresses communicating with your router?

PS if the person knows enough to go around the mac filtering they will go around the encyption also.

it's a lot easier to spoof your mac address than it is to break wireless encryption

you can't even compare the two