Is Wireless Direct Safe?

[ferrarr]

There is probably an app you can download from the iPadOS App Store for your printer.

‎Canon PRINT

‎Canon PRINT is a companion app for your Canon printer. With this app you can set up your printer, and start printing and scanning. It also provides various handy functions such as checking consumable levels, and printing via the cloud. We recommend using Canon PRINT with your Canon printer...

apps.apple.com

 

[PGB1]

You give both bands the same name and password, I am sure this was mentioned earlier.

That's a very helpful hint. Thanks for posting how-to.

 

[PGB1]

Thank You Jake for your Post #17 explanation of how stuff works.
Oddly, our TCL IoT televisions use 5 GHz. The Vizio TV, Canon printer and treadmill can't. (That's all the IoT stuff at our house.)

Thanks, Bob for the idea of finding an app to do the stuff that Selphy leaves out.

 

[Lifeisabeach]

Not how science works. It is axiomatic that one cannot prove a negative. That's not how science works at all. Your theory is that IoT represents a threat. You provided two old articles about it. But, can you name one instance where an IoT device was the vector to hack into a computer? A Network? All it takes is one case of a Mac being hacked by a refrigerator to disprove my assertion that it is not a real risk.

Look, I don't want to derail this thread or get into an argument. I actually don't disagree about the practical risks as we know them today. What I do disagree with is whether or not to be proactive or reactive. Is there a GOOD reason to NOT limit IOT devices to the Guest network? It's not difficult. It's not an encumbrance. It doesn't compromise the ability to use said devices. It's considered best practice by basically every security professional out there. That's my stance. Reasonable proactive measures beat reactive ones. Every. Single. Time. It's why I have never... ever... say, installed an app from 3rd party update sites as an example. There are many people who shrugged off the "just crying wolf" alarmists about the potential risks of acquiring from said sites, only to regret it later.

 

[MacInWin]

Look, I don't want to derail this thread or get into an argument. I actually don't disagree about the practical risks as we know them today. What I do disagree with is whether or not to be proactive or reactive. Is there a GOOD reason to NOT limit IOT devices to the Guest network? It's not difficult. It's not an encumbrance. It doesn't compromise the ability to use said devices. It's considered best practice by basically every security professional out there. That's my stance. Reasonable proactive measures beat reactive ones. Every. Single. Time. It's why I have never... ever... say, installed an app from 3rd party update sites as an example. There are many people who shrugged off the "just crying wolf" alarmists about the potential risks of acquiring from said sites, only to regret it later.

Having IoT devices in a separate network from your iDevices, Macs, whatever means that to control, monitor, adjust them you have to log OUT of your own network and INTO the Guest network. I use Homekit, which uses my AppleTV as the controller for automations. So, I need my AppleTV in the network with the IoT devices to run the automations. I also use the IoT devices several times each day as lighting conditions change by turning on/off lights in various parts of my home. I also want my iPhone in the AppleTV network to stream from my iDevice to the AppleTV.

Having IoT in a separate network DOES compromise the use of the IoT devices, at least in some, perhaps many, cases. When I hear a noise in my house during the night and want to look at a camera on my phone before I go downstairs to see what it was, I don't want to have to log out of my network, log into another one to get the images. I also don't want to stand in the rain, changing networks, to open a smart door lock, if I get one. And I don't want to pay for and carry a second phone just to be connected to the Guest network for my IoT stuff. So, all in one network, with a strong password on the entire network because it works for me. The router has a strong firewall on it, which I test periodically with the tools at GRC | Gibson Research Corporation Home Page. The "ShieldsUp!" will test and report on any vulnerabilities for you

As for "security professionals" and their opinions, consider that if you REALLY want to be secure, you don't have any smart devices at all. Security professionals are rightfully totally focused on security, but if you do everything they recommend, you end up in in a cabin in the woods with no electricity or phone. Real people live in a real world and accept some risk every day. The key is to evaluate the risk and make whatever decision suits your risk aversion. So, if it bothers you, don't do it. It's (at least right now) a free country. All I was trying to do was make the OP's printer work, which will, if he simplifies his network. And if, like you, he doesn't want his IoT in the same network with his printer and other things, he can still do that, too.

 

[Lifeisabeach]

Having IoT devices in a separate network from your iDevices, Macs, whatever means that to control, monitor, adjust them you have to log OUT of your own network and INTO the Guest network.

Uh, dude. It's a simple drop-down menu to switch networks on a Mac. And the IoT things I have... well I program the network password and login details directly on some of the devices. Others, connect by bluetooth; set up using their companion iPhone app; then done. All controlling done over internet. (EDIT: to be SUPER clear here... I don't have to be on my Guest network to control these things over the internet. I don't even have to be at home). If I could forcibly control over my local network, I'd opt for that, but I can't (EDIT: actually, considering the convenience of controlling my thermostat and lawn irrigation from work, no... no I wouldn't). Now for things that require local access and control over intranet, that's another matter. Even more so if done regularly. Obviously this applies to the printer and some other types of devices. Anyway, 'nuff said. I'm going to agree to disagree.

 

[MacInWin]

Whatever, dude.

 

[PGB1]

At this point, we have the printer & iPad connected by what Canon calls "Wireless Direct". The router can be off & the two still communicate. (WiFi direct with a Canon name?) It's password protected and WPA-2 encrypted. I don't know if this is safe enough or not. I'm counting on the short range of Wireless Direct to help keep it secure.

My wife doesn't mind going to Settings - WiFi and changing to Wireless Direct when she wants to print or scan & changing back to WiFi when she is done. Our only other working option is to connect the iPad and printer to one of the 2.4 GHz networks. She prefers the iPad to be on 5 GHz, which is more stable with her iPad than our 2.4- so Wireless Direct it is.

Canon support said the bluetooth connection problem is iPad's restriction. (iPad can't find the printer)
He said bluetooth on the printer is a "set up helper" that still requires one to be on a WiFi network to use. (Sounds strange to me)

The guys also confirmed that this printer cannot use 5 GHz, but their newer printers do. (If that one sentence was in the manual or set up guide, lots of people would save lots of time trying.)

And, he said iPad can't be plugged into the printer's USB or ethernet jacks based on an Apple restriction or lack of drivers for lightning to USB or to ethernet cables. (True?)

The downsides to network switching on the iPad that I see are that if she wants to print something from a web page, it will first have to be saved to the iPad and that I will have to remember to check for firmware updates manually. The upside is that Canon's tracking & statistical marketing stuff doesn't work. (Per Canon support)

That's how things are set up right now. Hopefully her iPad is safe with Wireless Direct.

 

[Lifeisabeach]

At this point, we have the printer & iPad connected by what Canon calls "Wireless Direct". The router can be off & the two still communicate. (WiFi direct with a Canon name?) It's password protected and WPA-2 encrypted. I don't know if this is safe enough or not. I'm counting on the short range of Wireless Direct to help keep it secure.

My wife doesn't mind going to Settings - WiFi and changing to Wireless Direct when she wants to print or scan & changing back to WiFi when she is done. Our only other working option is to connect the iPad and printer to one of the 2.4 GHz networks. She prefers the iPad to be on 5 GHz, which is more stable with her iPad than our 2.4- so Wireless Direct it is.

Canon support said the bluetooth connection problem is iPad's restriction. (iPad can't find the printer)
He said bluetooth on the printer is a "set up helper" that still requires one to be on a WiFi network to use. (Sounds strange to me)

The guys also confirmed that this printer cannot use 5 GHz, but their newer printers do. (If that one sentence was in the manual or set up guide, lots of people would save lots of time trying.)

And, he said iPad can't be plugged into the printer's USB or ethernet jacks based on an Apple restriction or lack of drivers for lightning to USB or to ethernet cables. (True?)

The downsides to network switching on the iPad that I see are that if she wants to print something from a web page, it will first have to be saved to the iPad and that I will have to remember to check for firmware updates manually. The upside is that Canon's tracking & statistical marketing stuff doesn't work. (Per Canon support)

That's how things are set up right now. Hopefully her iPad is safe with Wireless Direct.

Honestly, I wouldn't worry about this. Despite the disagreement I had with Jake, he's not entirely wrong. But neither am I. Let's leave it at that. I'm looking over the manual for your router and honestly it's a little confusing. I see where it prompts you to set separate SSIDs for the 2.4 GHz band and the 5 GHz band. It's really crazy to do that. I can tell you that my old Apple Airport has that as an OPTION, but you don't have to. If you use the same SSID for both bands, then your device connects to whichever one is strongest.

SO! Here's what I recommend trying. Re-run the setup for your router and see if you can set both the 2.4 GHz band and the 5 GHz band to the same wireless network name. Don't append "5G" to the latter one. Make sure they are titled exactly the same. If it lets you do this, then all your devices should use whichever has the better signal at any given time. We can go over setting up the Guest network afterwards if this is successful.

If it does NOT let you do this, I can only recommend getting a new router. This one just overcomplicates your life. I wouldn't worry too much about using WPA3 at this time, but certainly consider a router that has it as a feature. Just don't use it if you have any devices that can't use it. But most certainly use WPA2 otherwise.

Once you sort this out, just connect the printer to the same network as your Macs. Don't over-worry about security. Even if someone compromised the firmware, they'd then have to figure out how to leverage that access to compromise your Mac. None of these things are actually going on in the real world. As I said before, I'm a believer in being reasonably pro-active, but this is one situation where it's just overkill to isolate the printer like so and bounce between networks just to print something. Seriously, don't sweat this.

 

[MacInWin]

And ditto from me on what LIAB said. You can still keep Guest, if you want, for those IoT things that you are concerned about, but consolidate both Guest and non-Guest to use both bands, 2.4gHz and 5gHz and let the devices do what they do, pick the strongest and best signal. Your wife will never know that the iPad has switched from one to the other and the printer will just be there with no action needed on her part. And despite the fact that both non-Guest and Guest will both use both bands, they will be relatively isolated by the router and devices in Guest, regardless of band, won't see devices in non-Guest, regardless of band.

As for the printer, I don't think there is any known hacks to printers to have them do havoc on LANs. Printers are, in the end, relatively stupid devices.

 

[PGB1]

From LifeIsABeach; "Here's what I recommend trying. Re-run the setup for your router and see if you can set both the 2.4 GHz band and the 5 GHz band to the same wireless network name."
Router threw a fit. Even different names & same password made it mad.

"If it does NOT let you do this, I can only recommend getting a new router."
Kinda figured that was coming soon. How fast computer stuff goes obsolete! (Thanks in part to trying to keep ahead of the bad guys.)

From Jake: "Your wife will never know that the iPad has switched from one to the other and the printer will just be there with no action needed on her part."
This sounds like the best plan- after a new router that allows same name on both networks.

Thanks Again All!
Paul

 

[MacInWin]

Can you give us the router details for manufacturer and model? Maybe we can figure out how to get it to do what we recommended.

 

[Lifeisabeach]

Can you give us the router details for manufacturer and model? Maybe we can figure out how to get it to do what we recommended.

He posted the model name in an earlier reply. I’m out and about so just quickly commenting. I had looked over the user manual extensively and there was no indication that naming the two identically was supported. But didn’t outright say it couldn’t. I figured it couldn’t but worth a shot.

 

[TotalSolutions]

Hard reset the Modem / Router. Find the reset hole on the back and with a pin press for 5 seconds, should go back to factory. End of.

 

[MacInWin]

He posted the model name in an earlier reply. I’m out and about so just quickly commenting. I had looked over the user manual extensively and there was no indication that naming the two identically was supported. But didn’t outright say it couldn’t. I figured it couldn’t but worth a shot.

Went back and found the reference. I had taken it for something else at the time. Read the manual. Seems not to be able to merge 2.4 and 5gHz in one network! Amazing that it cannot do such a simple and desirable task. I remember now why I have no tp-link devices anymore. Tried one, threw it in the bin in about 6 weeks.

I guess the OP is stuck. The only good solution I can see is to get a different router.

 

[ferrarr]

What ver of the router is the OP using 4 or 5? Probably the older version if they have had it a few years.

 

[krs]

I guess the OP is stuck. The only good solution I can see is to get a different router.

Basic routers are pretty cheap and go on sale as well.
Here is one at less than $40 Cdn
https://www.amazon.ca/dp/B09HRCM7WT/

 

[PGB1]

The router is Version 5, Bob. (I forgot to post that earlier.)

I called TP Link & the guy confirmed it cannot merge the networks. It also can't have a drive for Time Machine directly connected to its USB port. A new router hopefully will solve both frustrations.

 

[Lifeisabeach]

The router is Version 5, Bob. (I forgot to post that earlier.)

I called TP Link & the guy confirmed it cannot merge the networks. It also can't have a drive for Time Machine directly connected to its USB port. A new router hopefully will solve both frustrations.

I don‘t know of any routers, other than Apple’s Airports, that allow connecting a drive for use on a network. Would love to know if there are myself. When my Time Capsule bites the dust, a Synology Diskstation is the best alternative that I know of.

 

[PGB1]

From Lifeisabeach: I don‘t know of any routers, other than Apple’s Airports, that allow connecting a drive for use on a network.
The TP-Link guy said their routers can connect to NAS drives. He spoke of SMB and FTP. I don't know if this is helpful to you, It's way over my head.

He also mentioned NAS for using an attached-to-router's USB drive for other non Time Machine storage applications, such as one driven by BackBlaze, iDrive, CrashPlan, etc.
He sent me this link: https://www.tp-link.com/us/support/faq/253/

The technician said a drive for Time Machine is capable to plug into the USB & use on "most" of their routers & sent me this link: https://www.tp-link.com/ae/support/faq/1564/ (My particular model isn't capable of Time Machine.)

Hopefully, this is helpful to someone someday.
Paul