Wireless insecurity at NANOG meetings
David Diaz
davediaz at smoton.net
Mon Sep 23 14:19:10 UTC 2002
Actually, from a legal standpoint, you put locks on the door for the same
reason as you would on the wireless. Otherwise an invitation could be
implied. It's hard for someone to argue that they were invited if
they had to use break-in tools. Otherwise I don't think anyone would
have a case, public area, public use LAN.... If I was walking through
a hotel and found an open LAN I would assume it was there for a perk
of the hotel.

I still don't see the problem with either side of this discussion. If
we had a minor amount of security, I think the NANOG goers could
easily figure it out. If not, a little friendly assistance from the
person sitting next to you and you might just have made a friend.
Payoff with a simple beer later would suffice.

Actually I believe it was Bill Woodcock that sent me Mac drivers back
in 1997 for the wireless. I may still owe him a beer though.

dave
At 9:04 -0500 9/23/02, Stephen Sprunk wrote:
>Thus spake "Sean Donelan" <sean at donelan.com>
>> The wireless networks at NANOG meetings never follow what the security
>> professionals say are mandatory, essential security practices. The NANOG
>> wireless network doesn't use any authentication, enables broadcast SSID,
>> has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter
>> firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400
>> stations were active on the network.
>
>There is no useful security mechanism that can be applied to NANOG wireless.
>
>WEP assumes a black-and-white security model, just like most VPNs: if a user is
>on the "inside", they're fully trusted. This is somewhat reasonable in the
>corporate world, where all of the users are employees who are responsible to a
>common entity, but it has no application to NANOG or other public events where
>none of the users are responsible to the operator, much less have any trust for
>each other. There is no sense giving people the illusion of security here.
>
>Many corporations are going to open access-points "outside" their firewall and
>requiring per-user VPNs to access any data-center resources. This is the
>simplest (and cheapest) solution to deploy and offers security folks the best
>options for AAA besides.
>
>I can't say without a sniffer, but I'd bet that most NANOG participants are
>doing the same: SSH or IPsec VPNs back to home (wherever that is). Anyone who
>isn't is begging to be hacked, WEP or not. Anyone interested in hacking NANOG
>attendees' networks is likely a NANOG attendee himself. Caveat attendor.
>
>S
--
David Diaz
dave at smoton.net [Email]
pagedave at smoton.net [Pager]
Smotons (Smart Photons) trump dumb photons