Re: Home wireless free hotspot

[Jay Vlavianos <jvlavianos () ecastnetwork com>]

If you look at the RIAA/MPAA lawsuits that eventually boiled down to  
an open access point - those people got off (mostly) but they had to  
sustain huge expensive court battles and the burden of proof was on  
them to prove that it wasn't their activity but an unknown user of  
their access point.

That was music and movies - child porn is a whole different topic and  
I doubt the authorities are willing to entertain the "it wasn't me"  
argument.

Since most law enforcement or D.A.'s know very little about how the  
Internet works - it is almost impossible to have them believe that  
even though it looked like you, smelled like you and sounded like you  
(your IP, your equipment, your Internet billing account) it wasn't you.

Your ISP will give you up in a second -the last telco I worked for  
would treat lawfirm issued letters (C&D, request for IP or customer  
record, etc) the same as a court issued subpoena, request for evidence  
or DCMA.

Legal advice aside - if you resubnet another router behind your  
network and only offer one route (egress to the cloud) your probably  
OK but your safety is only as good as your device security. If you can  
control the management interface of that router from your personal  
subnet and obscure it from the community segment, your probably OK.

Are you planning on trying to manage QoS or are you just hoping they  
don't seed a bunch of torrents and run a tor exit node? ;)

-Jay

On Mar 16, 2010, at 8:36 AM, "John Lightfoot" <jlightfoot () gmail com>  
wrote:

> A fair question, although there are many towns and airports that  
> offer free
> Internet access so presumably there's a way to get around the  
> problem of
> liability for illegal activity.
>
> The ISP service agreement question is also fair, and I'll have to do  
> some
> research as to what's allowed by my agreement.  But I won't be  
> advertising
> the service or encouraging it, just not minding if someone "borrows"  
> it.  I
> don't see it as significantly different than someone who hooks a  
> Linksys
> router to his/her cable modem connection and doesn't change the  
> default
> settings.
>
> -----Original Message-----
> From: Dimyan, Michael [mailto:Michael.Dimyan () timewarner com]
> Sent: Monday, March 15, 2010 7:14 PM
> To: 'John Lightfoot'; security-basics () securityfocus com
> Subject: RE: Home wireless free hotspot
>
> Aside from the possibility that sharing your internet connection may  
> be a
> violation of your ISP service agreement, the question I would ask is  
> if
> you'd be liable for any potentially illegal activity that may take  
> place on
> your connection.
>
> -----Original Message-----
> From: listbounce () securityfocus com  
> [mailto:listbounce () securityfocus com] On
> Behalf Of John Lightfoot
> Sent: Friday, March 12, 2010 3:11 PM
> To: security-basics () securityfocus com
> Subject: Home wireless free hotspot
>
> Hello,
>
> I have a home wireless network that I'd like to make available to  
> neighbors
> who need to borrow a connection from time to time.  Consider it karmic
> repayment for the times I've had to borrow someone else's open  
> connection.
> Of course, I'd like to do it securely, so I'm looking for some advice.
>
> My main network has a wireless router connected to the Internet,  
> with a few
> wired connections to my home computers.  The main router's wireless  
> network
> is protected by WPA, access control via MAC address, etc.  My  
> thought is I
> would attach a second wireless router (Netgear) to a port off the main
> router and leave it unsecured, using a second subnet, and block any  
> routing
> between the two subnets, other than straight out to the Internet,  
> but I'm
> not sure the best way to do that.
>
> So, a few questions:
>
> If I set up a second router with a subnet "subservient" to my main  
> router,
> presumably it has to get an IP address within the address space of  
> the main
> network, but how can I limit access to that network to only my  
> Internet
> interface?
>
> Would it make more sense for my secure network to be subservient to  
> the main
> network, i.e. open up the main network and secure a secondary subnet  
> off it?
>
> I also have a Secure Computing SG 300 Firewall/VPN appliance, could I
> configure that help keep the networks separate and my home network  
> secure?
> It's got a lot of nice features, but I'm not sure it would help make  
> my
> configuration more secure.
>
> This may be a very bad idea, so I'd also be happy to hear why that's  
> so if
> it's true.
>
> Thanks for any advice.
>
>
> John Lightfoot
>
>
>
>
> --- 
> ---------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate In this  
> guide we
> examine the importance of Apache-SSL and who needs an SSL  
> certificate.  We
> look at how SSL works, how it benefits your company and how your  
> customers
> can tell if a site is secure. You will find out how to test, purchase,
> install and use a thawte Digital Certificate on your Apache web  
> server.
> Throughout, best practices for set-up are highlighted to help you  
> ensure
> efficient ongoing management of your encryption keys and digital
> certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727
> d1
> --- 
> ---------------------------------------------------------------------
>
>
> =================================================================
> This message is the property of Time Warner Inc. and is intended  
> only for
> the use of the
> addressee(s) and may be legally privileged and/or confidential. If the
> reader of this message is not the intended recipient, or the  
> employee or
> agent responsible to deliver it to the intended recipient, he or she  
> is
> hereby notified that any dissemination, distribution, printing,  
> forwarding,
> or any method of copying of this information, and/or the taking of any
> action in reliance on the information herein is strictly prohibited  
> except
> by the original recipient or those to whom he or she intentionally
> distributes this message. If you have received this communication in  
> error,
> please immediately notify the sender, and delete the original  
> message and
> any copies from your computer or storage system. Thank you.
> =================================================================
>
>
> --- 
> ---------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs  
> an SSL certificate.  We look at how SSL works, how it benefits your  
> company and how your customers can tell if a site is secure. You  
> will find out how to test, purchase, install and use a thawte  
> Digital Certificate on your Apache web server. Throughout, best  
> practices for set-up are highlighted to help you ensure efficient  
> ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> --- 
> ---------------------------------------------------------------------

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------