a1) What do you mean by "what are the chances"? What are the chances the wifi owner is malicious, or what are the chances they can do it if they are? The former question I have no data on. The latter depends on what you're using their wifi for. If you are downloading executable files and running them then obviously it's very easy for them to put malware on your computer. The next most likely vectors are PDFs, or malicious Java / Flash / scripts on websites, but all of those would need you to be running vulnerable software (although in the case of Adobe Acrobat, it is vulnerable even if you are 100% up to date, we just don't know what's wrong with it yet ;)
To avoid this I would say, in ascending order of paranoia (i.e. 1 is sensible, the rest are more paranoid):
1. Do not download any executables over an internet connection you don't trust
2. Don't have your browser set up to open PDFs in Acrobat (there are many safer alternatives), Flash, or Java applets without asking you
3. Consider using NoScript
Of course, if you are using SSL websites, then they cannot modify what data you get. Probably. See answer 3.
a2) Assuming no malware has been planted on your computer, and you operate under the rules in answer 1, effectively zero. There might be programs that are leaking information, or have bugs that let people put things on your computer, but that isn't really relevant to the wifi. Minimising the number of applications allowed to use the internet (in the firewall settings) is a good idea for this reason.
a3) When you use HTTPS your browser verifies that the site is who they say they are by checking their certificate. Only certain people can give out these certificates, and your browser knows how to check theirs.
What does this mean for security? Well for one, it means you are trusting those certificate writers. There have been attacks on their systems to produce fraudulent certs in the past, and there have been cases of browsers trusting certificate authorities that no one is quite sure who owns them now.
What can you do? Some browsers have extensions to help you out here. What you want is something that remembers what certificate a given website had last time you visited it, and will put up a big fat warning if that changes. This means even if a certificate authority is compromised in some way, you still won't hand over your data.
This is a very unlikely outcome, by the way - it would require someone to obtain a fraudulent cert AND to then target people using that site over their wifi... Given the value of the cert, and the effort to obtain it, it's much more likely it would be used in a wider attack. But it won't hurt to protect yourself against such things, anyway.
Oh and of course, sites using self-signed certificates are trivial to masquerade as. Having an extension that compares the cert to the last time you accessed them would alert you to any man-in-the-middle going on.
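The "remember the certificate and warn when it changes" idea from answer 3, as an added example that is not part of the original answer. The store file name, the host name and the byte strings standing in for certificates are constructed for the demo; `fetch_der` shows how a live certificate would be obtained and needs network access.

```python
import hashlib
import json
import ssl
import tempfile
from pathlib import Path


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 443) -> bytes:
    """Fetch the server's leaf certificate (network needed; unused by demo)."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


def check_pin(store: Path, host: str, der: bytes) -> str:
    """Compare a certificate with the one remembered for this host.

    Returns "first-seen" (fingerprint stored), "match", or "changed".
    On "changed" the old pin is kept, so the warning repeats on every
    visit until the user has verified the new certificate some other way.
    """
    pins = json.loads(store.read_text()) if store.exists() else {}
    seen = fingerprint(der)
    known = pins.get(host)
    if known is None:
        pins[host] = seen
        store.write_text(json.dumps(pins, indent=2))
        return "first-seen"
    return "match" if known == seen else "changed"


def demo() -> list:
    """Run the three cases against constructed stand-in certificates."""
    with tempfile.TemporaryDirectory() as tmp:
        store = Path(tmp) / "pins.json"  # hypothetical store location
        cert_a, cert_b = b"constructed-cert-A", b"constructed-cert-B"
        return [
            check_pin(store, "shop.example", cert_a),  # first visit
            check_pin(store, "shop.example", cert_a),  # same cert again
            check_pin(store, "shop.example", cert_b),  # cert swapped
        ]


if __name__ == "__main__":
    print(demo())
```

A legitimate certificate renewal also changes the fingerprint, so "changed" is a prompt to verify the new certificate, not proof of a man-in-the-middle.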
q3) the sensitive data I transmit using https being seen or stolen and unencrypted?
Ok I'll address the points that I can:
Yes it is possible to upgrade, or change the firmware on your router to another type. In doing so you will gain access to a far greater set of settings that you wouldn't already have on the factory firmware. Have a look at this article for a good idea of how to do it using DD-WRT:
WPA2 is a great encryption method which basically lets anyone who knows your passphrase connect. What you are also talking about is MAC address filtering, which basically adds another layer of security to the connection, meaning that if you add MAC filtering to the connection then, although you know the passphrase, if your MAC address is not in the table you won't be able to connect. A MAC address is just basically a unique identifier associated with a specific piece of hardware. You would need to know the device's MAC address before they could connect, as you would have to add it to the table in the router's security settings section.
Turning off your SSID is easily possible. That way your network would not show up when a computer or device scans for available networks. People trying to connect would have to do so manually having to enter your SSID name in the connect to dialogue box. Is it worth it? Well it is just another layer of security so yes if that is what you want. Bear in mind though that any serious hacker worth their salt could bypass this without much effort.
Bandwidth calculators. If you want this then that pretty much makes the decision about point 1 for you. You will need to change the firmware on the router if you want this functionality.
I would have a read of that article above and then decide if you are comfortable doing what it suggests. Good Luck.
You should mention what OS you're using. Anyway, assuming you're referring to someone using your bandwidth via your wireless router, the simplest way to monitor that is to keep a record of all devices that have connected to your N300 router.
I had a quick look at the N300 user manual and found no mention of SNMP support, so you would have to log on to the web interface and check what devices are currently connected, or possibly have the router email you logs on a daily basis. You could then easily parse the logs and have a simple list of connected DHCP clients for any given day from which it'd be easy to spot any devices that didn't belong there. Little bit of shell scripting and you could automate it, or you could just collect the logs for a few days and see if there have been any unwanted visitors.
Provided that you've changed the default admin password, any prospective bandwidth stealer would probably have a hard time avoiding being logged.
Or, in case you don't trust the logs and wanted to take extreme measures, set up a box between the N300 and whatever it is connected to, and set it to monitor all traffic passing through it.
This has nothing to do with the question itself, but just as a side note, if you're using a WPA2 key over 10 characters long then no one is going to crack it. They could set up an AP to act as an evil-twin, and you might accidentally connect to that, but then they'd be stealing something other than bandwidth. Even if they capture the handshake, the key itself, when strong and varied, would take many years to crack.
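The log-parsing step described in the answer above, as an added example that is not part of the original post. The log line layout, the sample lines and the MAC addresses are constructed for illustration; the regex is an assumption and has to be adjusted to what the router actually emails.

```python
import re
from collections import defaultdict

# Assumed layout of a DHCP lease line (constructed, not taken from the manual):
# [DHCP IP: (192.168.1.2)] to MAC address 00:1A:2B:3C:4D:5E, Monday, Mar 04,2013 08:01:12
LEASE_RE = re.compile(
    r"\[DHCP IP: \(?(?P<ip>[\d.]+)\)?\] to MAC address "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}), "
    r"\w+, (?P<day>\w{3} \d{1,2},\s?\d{4})"
)


def norm_mac(mac: str) -> str:
    """Lower-case and use ':' so differently written MACs compare equal."""
    return mac.lower().replace("-", ":")


def leases_by_day(lines):
    """Map each day to {mac: last ip leased}; non-DHCP lines are skipped."""
    days = defaultdict(dict)
    for line in lines:
        m = LEASE_RE.search(line)
        if m:
            days[m["day"]][norm_mac(m["mac"])] = m["ip"]
    return dict(days)


def unknown_devices(lines, allowlist):
    """Per day, the DHCP clients whose MAC is not in the allowlist."""
    allowed = {norm_mac(mac) for mac in allowlist}
    report = {}
    for day, clients in leases_by_day(lines).items():
        strangers = {mac: ip for mac, ip in clients.items() if mac not in allowed}
        if strangers:
            report[day] = strangers
    return report


# Constructed sample log and list of the household's own devices.
SAMPLE_LOG = """\
[DHCP IP: (192.168.1.2)] to MAC address 00:1A:2B:3C:4D:5E, Monday, Mar 04,2013 08:01:12
[admin login] from source 192.168.1.2, Monday, Mar 04,2013 08:03:40
[DHCP IP: (192.168.1.3)] to MAC address 00-1a-2b-3c-4d-5f, Monday, Mar 04,2013 09:15:00
[DHCP IP: (192.168.1.2)] to MAC address 00:1A:2B:3C:4D:5E, Tuesday, Mar 05,2013 07:58:02
[DHCP IP: (192.168.1.7)] to MAC address 02:AA:BB:CC:DD:EE, Tuesday, Mar 05,2013 23:47:31
""".splitlines()
KNOWN_DEVICES = ["00:1a:2b:3c:4d:5e", "00:1A:2B:3C:4D:5F"]

if __name__ == "__main__":
    for day, clients in unknown_devices(SAMPLE_LOG, KNOWN_DEVICES).items():
        print(day, clients)
```

A client that copies the MAC address of a known device will not appear in this report, so an unexpected lease time or IP for a known MAC is also worth a look.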