Re: Home wireless free hotspot

[Rick Saffery <bohicarico () gmail com>]

I too was struck by how generous you were towards your immediate neighbors.

I second what Jonathan posited as consideration with respect to the
SLA you have with your ISP.

Have you considered your potential liability by providing this 'open'
wireless subnet?  For example, what if your benefactors decided to
engage in unauthorized pen-testing of exposed DoD networks? Or,
simpler yet, they retrieve files which on discovery turn out to be
related to child-p0rn.  Are you prepared to be pulled into a legal net
based on external network activity?  Granted, you may eventually be
cleared of wrong-doing in a court of law. But, you're likely to be
convicted in a court of public opinion.  Is the admirable goal of
sharing bandwidth worth the cost to you and your reputation should a
worse case scenario materialize?



On Mon, Mar 15, 2010 at 6:05 PM, Johnathan
<martinez85 () att blackberry net> wrote:
> How sweet of you...
>
> Now matter how kind your intentions are, you may want to check the terms and conditions of the agreement of the 
> contract you hold with your service provider.
>
> You legally may not be allowed to do such a thing you are proposing.
>
> You may be aware of this already, just wanted to put it out there for others who may have the same mind set as you.
>
> ----
> Johnathan
>
> Sent via BlackBerry by AT&T
>
> -----Original Message-----
> From: "John Lightfoot" <jlightfoot () gmail com>
> Date: Fri, 12 Mar 2010 15:10:40
> To: <security-basics () securityfocus com>
> Subject: Home wireless free hotspot
>
> Hello,
>
> I have a home wireless network that I’d like to make available to neighbors
> who need to borrow a connection from time to time.  Consider it karmic
> repayment for the times I’ve had to borrow someone else’s open connection.
> Of course, I’d like to do it securely, so I’m looking for some advice.
>
> My main network has a wireless router connected to the Internet, with a few
> wired connections to my home computers.  The main router’s wireless network
> is protected by WPA, access control via MAC address, etc.  My thought is I
> would attach a second wireless router (Netgear) to a port off the main
> router and leave it unsecured, using a second subnet, and block any routing
> between the two subnets, other than straight out to the Internet, but I’m
> not sure the best way to do that.
>
> So, a few questions:
>
> If I set up a second router with a subnet “subservient” to my main router,
> presumably it has to get an IP address within the address space of the main
> network, but how can I limit access to that network to only my Internet
> interface?
>
> Would it make more sense for my secure network to be subservient to the main
> network, i.e. open up the main network and secure a secondary subnet off it?
>
> I also have a Secure Computing SG 300 Firewall/VPN appliance, could I
> configure that help keep the networks separate and my home network secure?
> It’s got a lot of nice features, but I’m not sure it would help make my
> configuration more secure.
>
> This may be a very bad idea, so I’d also be happy to hear why that’s so if
> it’s true.
>
> Thanks for any advice.
>
>
> John Lightfoot
>
>
>
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
> how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
> purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
> set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------



-- 
Elect Rick Saffery to Maryland House of Delegates - District 45

Eternus vigilance est pretium of licentia.

http://www.brillig.com/debt_clock/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------