nanog mailing list archives
Re: Wireless insecurity at NANOG meetings
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Sun, 22 Sep 2002 13:11:07 +0200 (CEST)
On Sat, 21 Sep 2002, Richard A Steenbergen wrote:
Would WEP solve anything other than keeping the casual person on the street who doesn't know what NANOG is from getting free bandwidth for a couple days? I don't think so.
The trouble is that not using WEP looks like you're not bothering with the low level of security that's available in wireless. The fact that WEP only adds a 15 second - 15 minute delay to full access to the network both for legitimate and not-so-legitimate users means it offers more annoyance than security, but that doesn't alter the perception.
There are also people ssh'ing to personal and corporate machines from the terminal room where the root password is given out or easily available.
Are you saying people shouldn't SSH?
Clearly *SOME* NANOG participants aren't terribly security conscious. But are these the experienced network operators, or just the people who show up because someone at their company thinks its a network training camp?
The real question is: how far we want to go in protecting people against themselves? If the answer is: far, fine: then filter the wireless network for everything that isn't SSH, SSL or some kind of VPN. Otherwise they'll learn the hard way, just like why it's important to back up your files.
That's what the password board is for I guess.
Even more fun would be to scan for email headers and send messages back to the originator that the message is being read over insecure means. That should get some people's attention... However, I think it's dangerous to talk about how insecure everything is all the time. At some point, people are going to think it's no use to even try securing their stuff and just give up. It would be better to deliver a more positive message: if you use SSH, SSL and/or a VPN, you can do whatever you want over a wireless connection without running bigger risks than at home or at the office.
Current thread:
- Re: Whitehouse Tackels Cybersecurity, (continued)
- Re: Whitehouse Tackels Cybersecurity Jared Mauch (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 18)
- Re: Whitehouse Tackels Cybersecurity batz (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Brad Knowles (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 20)
- Wireless insecurity at NANOG meetings Sean Donelan (Sep 21)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 21)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 21)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Kevin Steves (Sep 22)
- Re: Wireless insecurity at NANOG meetings Joel Jaeggli (Sep 23)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)
- Re: Wireless insecurity at NANOG meetings Sean Donelan (Sep 22)
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Message not available
- Re: Wireless insecurity at NANOG meetings Dave Crocker (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)