Wi-Fi and Certificate Safety Issues.

My school uses a WiFi network that monitors students' activity for saftey/rules purposes. I really have no problem with it, and I guess I can't because I signed off on the rules.

Anyways, last night I updated to Safari 11. This morning when I tried to log in to the WiFi, I found it worked differently. On the old Safari (Safari 10?) I would get a message that said something like "The netwoek you are connecting to may not be secure" and I would hit "Ok" and log in anyway. Today when I tried to log in, My computer said the netwrk wasn't secure, I had to hit a button to go to the login website, and (most importantly/concerning) I had to enter my computer password to "Change my Certificate of Trust".

Is my computer now in (greater) jeopardy of being compromised? Does my computer now allow access from all sites, or just from my school's WiFi? If the former is true, how can I remedy it? Any and all help is appreciated

Thanks in advance!

Answered! View the answer I have this problem too

Is this a good question?

Score 0
Add a comment
Deck the Halls
With tools and Fix Kits

1 Answer

Chosen Solution

There are different layers of security at play here. The first is the raw connection between your system and the given WiFi Access Point (AP). This is where WEP or WPA services apply. That way if someone where to sniff the WiFi band you were using they would not see the data stream as it would be encrypted!

Now let’s move up the IEEE/ISO network model to the next level involved here.

This is where the session to your host is involved. Within TCP/IP we use a means to translate names to IP addresses. Think how in years past we had the White & Yellow Pages phonebooks to look up a person or business phone number. This is the same within TCP/IP we call it a name server or just DNS. This is where you got the warning as the DNS you connected to did not have a trusted certificate for the site you where trying to connect to. The best way to express this is you get a phone call on your cellphone and the persons name is blocked so you don’t know who is calling you is it someone you know? Do you answer it? Let’s say you recognized the phone number as your mother's so you answer it. But you do one more thing! You create an entry in your contacts list so when your mother calls you again instead of seeing the number you see her name.

This is what you encountered as the DNS did not trust the hosts lookup, you over ruled it by telling your system to accept this is a trusted host so the next time you establish a connection to it your computer will accept it as trusted.

Sorry to be so long winded here...

The bottom line is your system is safe from anyone trying to connect to you from the schools network. As you would need to establish the connection not the other way around. Think of it this way, you’re calling them, they aren’t calling you as they don’t know what your IP address is (i.e. phone number).

But! You can put your self at risk if the system (web server host) was comprimised as the web site you connected to could be a cloned site that is spoofing the real site. As an example your Bank’s site and you give the fake site your name & password to get to your account.

What to do?? First you should speak to the person in charge of the web server and have them correctly register it so you know it’s the real McCoy! Once they do that you’ll want to delete the entry in your certificates listing you created so you don’t get re-directed to a fake host.

Was this answer helpful?

Score 1

Comments:

The last level of security is the data stream to the web server it’s self, this is where your connection is HTTPS Vs HTTP, Apple uses this by default. This is the little lock icon in the address bar. This makes sure only the web server you connected to is accessing the data.

by

If I mistakenly/unknowingly try to connect to a website/network that isn't secure, will Apple tell me, or, becuase of this, will it let me procede?

by

It did here! When you you accessed the web server it warned you the hosts name & address was not registered within the DNS.

Keep the concept on how you use your phone here...

Your Mac is basically doing a phonebook look up and tells you the phonebook doesn't have an entry for that name. And yes, you still are in the drivers seat, so you can either take the warning and not proceed or ignore the warning.

FYI - This is how TCP/IP works its not just Mac's; Windows & Linux likewise do the same thing.

by

I came across another network similar to the one my school has and you were right. It did warn me. Thanks much for the help!

by

Add a comment

Add your answer

Jack will be eternally grateful.
View Statistics:

Past 24 Hours: 0

Past 7 Days: 0

Past 30 Days: 2

All Time: 48