Is it something to worry about when my browser warns me that my connection to 192.168.1.1 (router admin page)...
I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.
Chrome also says
Your connection to this site is not private.
I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).
Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.
- The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).
- The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.
tls http router
asked yesterday
iBugiBug
728410
add a comment |
I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.
Chrome also says
Your connection to this site is not private.
I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).
Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.
- The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).
- The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.
tls http router
asked yesterday
iBugiBug
728410
4
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday
add a comment |
I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.
Chrome also says
Your connection to this site is not private.
I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).
Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.
- The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).
- The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.
tls http router
asked yesterday
iBugiBug
728410
I got this "Not secure" warning when I'm trying to log in to my router (it's within my physical access). Apparently my router's management (admin) system doesn't have HTTPS.
Chrome also says
Your connection to this site is not private.
I know that when I visit an HTTP website, the data transferred between my endpoint and the remote server could be sniffed by any node among the route, but this time the "remote server" is just the router (which also serves as a wireless AP).
Is it something to worry about, in the following cases? Assume I am authorized to administer the router and have unlimited physical access to it.
- The router is placed in my home and I fully acknowledge all devices connected to it (my PC, my phone, my family's PCs and phones).
- The router is placed in a public place (restaurant, hotel etc.) and is open to public in some ways.
tls http router
tls http router
asked yesterday
iBugiBug
728410
asked yesterday
iBugiBug
728410
asked yesterday
iBugiBug
728410
asked yesterday
iBugiBug
728410
asked yesterday
iBugiBug
728410
728410
4
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday
add a comment |
4
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday
4
4
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1
1
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday
add a comment |
4 Answers
4
active
oldest
votes
No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.
Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.
It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.
There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.
As far as the specific cases that you're asking about:
1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).
2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.
answered yesterday
GhedipunkGhedipunk
463312
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
|
show 1 more comment
It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.
I wouldn't worry much as long as:
- you control the wiring between your PC and router.
- remote management is disabled over wireless (admin page is allowed only via wired media) media.
- remote management is disabled from internet.
answered yesterday
Crypt32Crypt32
2,593712
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
add a comment |
This is not a problem.
Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.
Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.
If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.
Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202739%2fis-it-something-to-worry-about-when-my-browser-warns-me-that-my-connection-to-19%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
4 Answers
4
active
oldest
votes
4 Answers
4
active
oldest
votes
active
oldest
votes
active
oldest
votes
No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.
Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.
It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.
There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.
As far as the specific cases that you're asking about:
1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).
2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.
answered yesterday
GhedipunkGhedipunk
463312
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
|
show 1 more comment
No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.
Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.
It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.
There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.
As far as the specific cases that you're asking about:
1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).
2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.
answered yesterday
GhedipunkGhedipunk
463312
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
|
show 1 more comment
No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.
Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.
It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.
There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.
As far as the specific cases that you're asking about:
1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).
2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.
answered yesterday
GhedipunkGhedipunk
463312
No public Certificate Authority (CA) will issue a certificate for a private IP address, such as the 192.168.x.x blocks.
Because of that, I would expect that I would not see an HTTPS connection to a consumer-grade router in my network, and if I noticed such a connection (this assumes, of course, that I'd actually notice the lock icon when it shouldn't be there; which, if I'm honest, I probably wouldn't), then I would be very suspicious that someone had installed rogue certificates, and has an actively snooping proxy somewhere on my machine or in my network.
It is possible to set up a secure HTTPS connection, depending on your router's capabilities. If you can add a certificate to your router, you can create a self-signed certificate. This will effectively encrypt your HTTPS connection inside of a perfectly valid TLS tunnel, although your browsers will be complaining very loudly that the validity of the certificate can't be verified.
There are ways to get past these complaints by the browser, such as adding yourself as a trusted CA on your computer, or getting a certificate for a domain and using your internal DNS or your hosts files to point the domain to the private IP, as mentioned in the comments.
As far as the specific cases that you're asking about:
1, your own home: There should be nothing to worry about, assuming that all other devices are secure. Rogue devices on your network will be able to do packet sniffing, so don't log in using the same password that you log into your bank with (which is good advice regardless of what you're authenticating with).
2, you're hosting a public access point: Assume the network is being actively probed at all times. In this case, I might take the time to set up TLS properly and even then, if I were truly paranoid (I.e., my access point was set up at DefCon), then each time I access the management web page, I would disable wireless, ensure nothing else is connected via any hubs or switches, then change the password before re-enabling wireless and making my configuration changes.
answered yesterday
GhedipunkGhedipunk
463312
edited yesterday
answered yesterday
GhedipunkGhedipunk
463312
answered yesterday
GhedipunkGhedipunk
463312
answered yesterday
GhedipunkGhedipunk
463312
463312
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
|
show 1 more comment
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
13
13
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Somewhat related: I've successfully set up publicly trusted certificates for routers on my network via Let's Encrypt. You can't get certificates for a private IP address, true, but you can get certificates for a domain name pointing to a private IP address. (my-router.lan.example.com)
– Ajedi32
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
Thank you, @Ajedi32, I've updated the answer.
– Ghedipunk
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
"...although your browsers will be complaining very loudly that the validity of the certificate can't be verified." I believe that depends on what certificates you have your machine/browser configured to trust.
– jpmc26
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
@jpmc26, true. I wrote that to be from the point of view of users who are just starting to muck about in TLS and securing traffic within their home network. Hopefully someone who knows how and why to add themselves as a trusted root CA and/or set up a local DNS server to deliver a private IP for your subdomain to get a Let's Encrypt certificate will already know what to expect.
– Ghedipunk
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
I'd just make all my changes over the wire; usually you can still connect one.
– Maarten Bodewes
yesterday
|
show 1 more comment
It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.
I wouldn't worry much as long as:
- you control the wiring between your PC and router.
- remote management is disabled over wireless (admin page is allowed only via wired media) media.
- remote management is disabled from internet.
answered yesterday
Crypt32Crypt32
2,593712
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
add a comment |
It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.
I wouldn't worry much as long as:
- you control the wiring between your PC and router.
- remote management is disabled over wireless (admin page is allowed only via wired media) media.
- remote management is disabled from internet.
answered yesterday
Crypt32Crypt32
2,593712
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
add a comment |
It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.
I wouldn't worry much as long as:
- you control the wiring between your PC and router.
- remote management is disabled over wireless (admin page is allowed only via wired media) media.
- remote management is disabled from internet.
answered yesterday
Crypt32Crypt32
2,593712
It is common for SOHO devices (switches, routers) that they either do not support HTTPS or provide HTTPS with factory self-signed certificate which cannot be replaced.
I wouldn't worry much as long as:
- you control the wiring between your PC and router.
- remote management is disabled over wireless (admin page is allowed only via wired media) media.
- remote management is disabled from internet.
answered yesterday
Crypt32Crypt32
2,593712
answered yesterday
Crypt32Crypt32
2,593712
answered yesterday
Crypt32Crypt32
2,593712
answered yesterday
Crypt32Crypt32
2,593712
2,593712
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
add a comment |
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
1
1
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
Those 3 bullet points are generally true no matter where the router is placed. (OP asked about inside the home vs public place.)
– studog
yesterday
3
3
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
Recent MacBook models don't have Ethernet, they can only connect to the router via WiFi unless you purchase a USB/Thunderbolt Ethernet adapter. So you may have to enable management over wireless.
– Barmar
yesterday
add a comment |
This is not a problem.
Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.
Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.
If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.
Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
This is not a problem.
Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.
Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.
If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.
Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
This is not a problem.
Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.
Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.
If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.
Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
This is not a problem.
Others here have given technically precise answers which assume general knowledge of how the secure web connections work. However if you have that level of knowledge you will already know the answer to this question. Here is a simpler answer.
Secure web pages (i.e. those with "https" at the start of the URL and a green padlock or similar symbol) are secured by a system of digital certificates. Merely encrypting something isn't enough because it doesn't guarantee the identity of the web site; you may think you are talking to foobar.com, but how can you be sure? The answer is a system of identity certificates with digital signatures. When you go to its website, "foobar.com" sends you a certificate saying that it is the real "foobar.com", and that certificate is signed by one of a number of "certificate authorities" who are generally trusted by everyone to do this job of certifying identity on the Internet. If you click on the green padlock symbol, or whatever your web browser uses, you can see the certificate details.
If an identity doesn't match, or a certificate is missing, or if the link isn't encrypted, then your web browser will warn you about sending passwords because someone could be listening in.
Your home router doesn't have its own certificate signed by a Certificate Authority, but as the link is within just one house that doesn't matter. I suppose it might be better if web browsers shut up about insecure sites on addresses like 192.168.1.1 so that people don't get false alarms.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
answered 12 hours ago
Paul JohnsonPaul Johnson
1312
1312
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
Paul Johnson is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
No, unfortunately the certs will eventually expire and are usually self-signed. Your best bet, would be to make a new one and upload it to your router (if the router has that function).
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered yesterday
ZaxLoffulZaxLofful
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
answered yesterday
ZaxLoffulZaxLofful
1092
answered yesterday
ZaxLoffulZaxLofful
1092
1092
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
New contributor
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
ZaxLofful is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.
add a comment |
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f202739%2fis-it-something-to-worry-about-when-my-browser-warns-me-that-my-connection-to-19%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
4
Some clarifications that might help. A) a website is a website even if it's in your router. B) What makes a server remote is that it is not your local machine; it's not about distance at all. Your router is a remote server unless you've attached a keyboard and monitor and logged into it directly.
– studog
yesterday
1) Get crossover cable 2) Ignore message
– Joshua
yesterday
1
it's potentially less-safe if your browser says it's secure because then it's going out to the web and back.
– dandavis
yesterday