Wireless insecurity at NANOG meetings
Steven M. Bellovin
smb at research.att.com
Mon Sep 23 09:16:03 UTC 2002
In message <Pine.GSO.4.40.0209221641250.23761-100000 at clifden.donelan.com>, Sean
Donelan writes:
>
>On Sun, 22 Sep 2002, Randy Bush wrote:
>> - the users need to be told how to operate more safely, use
>> end-to-end authentication and privacy, etc. it's a matter of
>> education. and the education will stand them in good stead
>> when they use 802.11 at starbucks, airports, etc. we do this
>> at ietf, but it is not allowed at nanog.
>
>Sunday afternoon is full of tutorials on lots of different subjects.
>Has anyone volunteed to conduct a Sunday tutorial on wireless security
>for users of "public" wireless networks?
>
>Although I think it is a mistake to think a wireless network security
>is different than using any other network you don't control. Most
>wireless security tutorials tend to concentrate on "securing" the
>wireless network instead of how to communicate over an untrusted
>network.
>
Precisely -- and it's precisely why I'm not a big fan of "wireless
security" as a discipline: my threat model for the wired network has
never been any different than for wireless...
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)
More information about the NANOG
mailing list