Security Basics mailing list archives
RE: Home wireless free hotspot
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 21 Apr 2010 10:33:09 -0700
One of the criticisms of the FCC decision was the lack of guidance about WHAT "complying with CALEA" actually looks like for an Internet access provider. The organizations I know of opted to qualify for the exceptions that the FCC allowed for (libraries, *private* access) instead of trying to implement it. David Gillett, CISSP -----Original Message----- From: Budi wibowo [mailto:bwibowo () gmail com] Sent: Wednesday, April 21, 2010 07:00 To: David Gillett; listbounce () securityfocus com; security-basics () securityfocus com Subject: Re: Home wireless free hotspot What's the calea standard for internet access? as I work for cdma operator and I only know j std 025 a and b. For cdma 2000. But for data access I think not yet standarized . Cmiiw -----Original Message----- From: "David Gillett" <gillettdavid () fhda edu> Date: Mon, 19 Apr 2010 14:04:35 To: <security-basics () securityfocus com> Subject: RE: Home wireless free hotspot MY objection is to anyone who equates "qualifies as an ISP in the eyes of the law" with "Scott Free". About a year ago, the FCC officially noticed the existence of VOIP, and responded by ruling that anyone offering "public Internet access" must comply with CALEA (Communications Assistance to Law Enforcement Act), which mandates that phone companies have facilities in place allowing them to efficiently cooperate with wiretap orders. In the IP space, nobody seems to be sure what that requires or costs, The popular alternative amongst those who DON'T consider themselves ISPs has been to configure their network services to support a defense of "Our service isn't public, it's PRIVATE"; the FCC made an exception for libraries but NOT for educational institutions or, so far as I can see, Joe Consumer's unprotected wireless router. It's possible that some court could rule that some Terms of Service provisions qualify a network as private, but probably only when measures are taken to enforce those provisions. Are you still sure you want to be an ISP? David Gillett, CISSP, CCNP -----Original Message----- From: Boyd, Chad [mailto:CBoyd () madden com] Sent: Friday, April 16, 2010 14:12 To: wheeler90 () comcast net; JayZee Cc: martinez85 () att blackberry net; jlightfoot () gmail com; listbounce () securityfocus com; security-basics () securityfocus com Subject: RE: Home wireless free hotspot I don't know about the rest of you, but this back and forth has made me laugh several times today. On one hand, you have Jay presenting some very compelling arguments, while on the other you have Reginald who believes that just because he has a wireless router and a "Terms of Use" scrawled on the back of a napkin, that he somehow qualifies as an ISP in the eyes of the law. In a situation like this, you can't think about this from your perspective. You have to think about it from the perspective of the ISP and the police. When the police are informed of illegal activity, they subpoena the ISP for records so that they can track down the offender. If someone is on YOUR network doing something illegal, then in the eyes of the police, YOU are the offender. YOU will be the one that has to go sit in a cell while they hash it out. Sure, after sitting a cell for a few hours they may let you out. That is, if you can prove through some type of logging or similar evidence that the illegal activity did not happen from your home, but from someone else connected to your network. This is probably after they have confiscated all of the computers in your house though. Herein lies the real pain though: You have a few certs next to your sig, so you obviously know how to Google on how to secure a network. If this were to go to court, how would you defend against your ISP charging that you had no authorization from them to provide sub-services and moreover that you allowed the illegal activity? What you have to remember is that an ISP falls under certain regulations. With that, they are also allowed certain protections. You are NOT and ISP. You are an END USER. Make no mistake. I have a secondary wireless network open to a few people in my building. I fully understand though that they are on my network and if they do something that sets off any red flags, those red flags will be next to MY name, not theirs. I understand that your lawyer friend told you that you were good-to-go with this. My recommendation to you would be to get a second opinion (preferably from someone that doesn't accept payments in beer). /rant ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727 d1 ------------------------------------------------------------------------ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- RE: Home wireless free hotspot Reginald Wheeler (Apr 16)
- Re: Home wireless free hotspot Adam Mooz (Apr 16)
- <Possible follow-ups>
- RE: Home wireless free hotspot Reginald Wheeler (Apr 16)
- Re: Home wireless free hotspot JayZee (Apr 16)
- Re: Home wireless free hotspot Reginald Wheeler (Apr 16)
- RE: Home wireless free hotspot Boyd, Chad (Apr 19)
- RE: Home wireless free hotspot David Gillett (Apr 20)
- Message not available
- RE: Home wireless free hotspot David Gillett (Apr 26)
- Re: Home wireless free hotspot JayZee (Apr 16)
- RE: Home wireless free hotspot Craig S. Wright (Apr 19)
- RE: Home wireless free hotspot Jay Kerby (Apr 19)