Security Basics mailing list archives

RE: Home wireless free hotspot


From: Jay Vlavianos <jvlavianos () ecastnetwork com>
Date: Tue, 16 Mar 2010 14:38:13 -0700

That way you are not bombarded with legal advice from the surprising
number of lawyers that come out of the woodwork when such questions
are asked.

You have got to be kidding with that.   You honestly expect security professionals to recommend a solution that has 
serious potential problems for the implementer without opining on it?   If I was answering these questions for a client 
instead of someone on a mailing list I would say the same thing (as I am sure everyone else would)... so why not say it 
to this guy?

You don't have to be a lawyer to read all of the scary brute LEO stuff and realize that people get harassed and 
dragged to court for anything.  Why would you know that in your brain, and not say something?



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Doug Farre
Sent: Tuesday, March 16, 2010 12:21 PM
To: security-basics () securityfocus com
Subject: Re: Home wireless free hotspot

Hi John,
I would be careful how you word your request next time.  Instead of
saying "...have a home wireless network that I'd like to make
available to neighbors who need to borrow a connection from time to
time." You could have said: "I would like to set up a wireless network
on my home network that only has access to the internet and not the
rest of the network."

That way you are not bombarded with legal advice from the surprising
number of lawyers that come out of the woodwork when such questions
are asked.

On Tue, Mar 16, 2010 at 3:31 AM, <ultrique () hotmail com> wrote:

John,

Any open wireless device is a bad idea (and normally a breach of the TOC by your ISP) so I advise securing it with at 
least a WPA Personal enabled access point/router and giving the connection details to your neighbour... also be aware 
that due to the way wireless works if you have 2 devices of the same type (802.11a,b-g,n) together you must choose 
separate channels in the access point/router when setting them up otherwise you get conflicts and possibly loss of 
connectivity while they fight over the channel.

Unless you have some sort of mid tier router/firewall such as a Cisco router you're unlikely to be able to control 
traffic flow between your computers and the "other" devices on the network.  The only way I can imagine you doing 
this other than getting an uprated router (some new ones support isolated wireless for net access only) would be to 
place your network on 1 router with a DSL/Cable WAN port (normal network port) and plug this into another router 
connected to the internet and use this second router as your shared wireless network.  The reason I say this is a lot 
of lower tier routers only allow you to control access from external to internal.

In essence
Internet connected to -
Router1 (neighbours WPA wireless 802.11a) connected to -
Router2 (private LAN and wireless 802.11b-g,n)

This prevents your neighbours obtaining access to your home network while still allowing internet access.

An alternative would be to buy a good firewall (eBay has a lot of Cisco PIXes etc.) and set up the network as follows.

Router (your private LAN, wireless, and internet) connected to -
Firewall - connect 1 port to your LAN and one to the new wireless access port, restrict traffic to deny traffic to 
all IPs other than your router's IP on the internal subnet from the access point, so if your router IP is 192.168.0.1 
and subnet mask 255.255.255.0 then on the firewall deny all traffic to 192.168.0.2-254.  Connected to -
Access Point set up for neighbours connected into another firewall port.

There are of course some possible issues with sharing your internet connection including you may become legally 
liable for all actions your neighbours perform online, potentially if you have internet limits imposed you may exceed 
them.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




--
------
Doug Farre
(209) 677-7483
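
Added example (not part of the original posts): the firewall rule described in the quoted message above, modelled in Python so the deny range 192.168.0.2-254 can be checked before it is entered on a real device. The router address and mask are the ones from the post; the guest subnet 192.168.50.0/24, the first-match rule model and all function names are assumptions.

```python
import ipaddress

# Router address and mask are the ones given in the post.
ROUTER = ipaddress.ip_address("192.168.0.1")
LAN = ipaddress.ip_network("192.168.0.0/24")
# Assumption: the neighbours' access point hands out this subnet.
GUEST = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")


def deny_blocks(first="192.168.0.2", last="192.168.0.254"):
    """Collapse the post's deny range into the CIDR blocks a firewall takes."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def build_rules():
    """First-match rule list: deny guest -> LAN hosts, permit guest -> rest."""
    rules = [("deny", GUEST, block) for block in deny_blocks()]
    rules.append(("permit", GUEST, ANY))
    return rules


def decide(rules, src, dst):
    """Return the action of the first matching rule, else implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"


def lan_addresses_still_permitted(rules, guest_src="192.168.50.10"):
    """LAN addresses a guest can still send to; review each one on purpose."""
    return [str(a) for a in LAN if decide(rules, guest_src, a) == "permit"]


if __name__ == "__main__":
    rules = build_rules()
    print(len(deny_blocks()), "CIDR blocks cover 192.168.0.2-254")
    print("guest -> router  :", decide(rules, "192.168.50.10", str(ROUTER)))
    print("guest -> LAN host:", decide(rules, "192.168.50.10", "192.168.0.77"))
    print("still permitted  :", lan_addresses_still_permitted(rules))
```

The range as written leaves the network and broadcast addresses of the /24 outside the deny set, alongside the router itself. A permit for 192.168.0.1 followed by a deny for all of 192.168.0.0/24 expresses the same intent in two rules and closes that gap.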


