Wireless insecurity at NANOG meetings

David Diaz davediaz at smoton.net
Mon Sep 23 14:19:10 UTC 2002


Actually, from a legal standpoint, you put locks on the door for the same 
reason as you would on the wireless. Otherwise an invitation could be 
implied.  It's hard for someone to argue that they were invited if 
they had to use break-in tools.  Otherwise I don't think anyone would 
have a case, public area, public use LAN.... If I was walking through 
a hotel and found an open LAN I would assume it was there for a perk 
of the hotel.

I still don't see the problem with either side of this discussion.  If 
we had a minor amount of security, I think the nanog goers could 
easily figure it out.  If not, a little friendly assistance from the 
person sitting next to you and you might just have made a friend. 
Payoff with a simple beer later would suffice.

Actually I believe it was Bill Woodcock that sent me Mac drivers back 
in 1997 for the wireless.  I may still owe him a beer though.

dave




At 9:04 -0500 9/23/02, Stephen Sprunk wrote:
>Thus spake "Sean Donelan" <sean at donelan.com>
>>  The wireless networks at NANOG meetings never follow what the security
>>  professionals say are mandatory, essential security practices. The NANOG
>>  wireless network doesn't use any authentication, enables broadcast SSID,
>>  has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter
>>  firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400
>>  stations were active on the network.
>
>There is no useful security mechanism that can be applied to NANOG wireless.
>
>WEP assumes a black-and-white security model, just like most VPNs: if a user is
>on the "inside", they're fully trusted.  This is somewhat reasonable in the
>corporate world, where all of the users are employees who are responsible to a
>common entity, but it has no application to NANOG or other public events where
>none of the users are responsible to the operator, much less have any trust for
>each other.  There is no sense giving people the illusion of security here.
>
>Many corporations are going to open access-points "outside" their firewall and
>requiring per-user VPNs to access any data-center resources.  This is the
>simplest (and cheapest) solution to deploy and offers security folks the best
>options for AAA besides.
>
>I can't say without a sniffer, but I'd bet that most NANOG participants are
>doing the same: SSH or IPsec VPNs back to home (wherever that is).  Anyone who
>isn't is begging to be hacked, WEP or not.  Anyone interested in hacking NANOG
>attendees' networks is likely a NANOG attendee himself.  Caveat attendor.
>
>S

-- 

David Diaz
dave at smoton.net [Email]
pagedave at smoton.net [Pager]
Smotons (Smart Photons) trump dumb photons




