Security Basics mailing list archives

Re: Home wireless free hotspot


From: "Johnathan" <martinez85 () att blackberry net>
Date: Tue, 16 Mar 2010 21:29:53 +0000

Doug,

In a way, security professionals are very much similar to lawyers if you really think about it. I have to give advice 
such as I have, and many others too, on issues such as these. When legal issues arise, it is our duty to educate the 
person on "what could happen" and legal consequences on something that may seem like a good idea at the time.

If I were you I would be careful of how you word advice to others. Instead of advising someone to re-word the same 
question in an obfuscated way, you could have suggested that it would have been better to state at the end of their 
question that "I totally and fully accept the risk of what I just asked" so that you are not bombarded by some snippy 
internet security lawyer-like guy such as me.

Someone should create a security focus risk acceptance form that can be digitally signed so when a question that is 
legally and/or ethically questionable arises, everyone will be on the same page.

Cheers! =)

Johnathan, Internet Security ADA (Assistant Domain Attorney) 

----
Johnathan

Sent via BlackBerry by AT&T

-----Original Message-----
From: Doug Farre <dougfarre () gmail com>
Date: Tue, 16 Mar 2010 14:20:47 
To: <security-basics () securityfocus com>
Subject: Re: Home wireless free hotspot

Hi John,
I would be careful how you word your request next time.  Instead of
saying "...have a home wireless network that I’d like to make
available to neighbors who need to borrow a connection from time to
time." You could have said: "I would like to set up a wireless network
on my home network that only has access to the internet and not the
rest of the network."

That way you are not bombarded with legal advice from the surprising
number of lawyers that come out of the woodwork when such questions
are asked.

On Tue, Mar 16, 2010 at 3:31 AM, <ultrique () hotmail com> wrote:

John,

Any open wireless device is a bad idea (and normally a breach of the TOC by your ISP) so I advise securing it with at 
least a WPA Personal enabled access point/router and giving the connection details to your neighbour... also be aware 
that due to the way wireless works if you have 2 devices of the same type (802.11a,b-g,n) together you must choose 
separate channels in the access point/router when setting them up otherwise you get conflicts and possibly loss of 
connectivity while they fight over the channel.

Unless you have some sort of mid tier router/firewall such as a Cisco router you're unlikely to be able to control 
traffic flow between your computers and the "other" devices on the network.  The only way I can imagine you doing 
this other than getting an uprated router (some new ones support isolated wireless for net access only) would be to 
place your network on 1 router with a DSL/Cable WAN port (normal network port) and plug this into another router 
connected to the internet and use this second router as your shared wireless network.  The reason I say this is a lot 
of lower tier routers only allow you to control access from external to internal.

In essence
Internet connected to -
Router1 (neighbours WPA wireless 802.11a) connected to -
Router2 (private LAN and wireless 802.11b-g,n)

This prevents your neighbours obtaining access to your home network while still allowing internet access.

An alternative would be to buy a good firewall (eBay has a lot of Cisco PIXes etc) and set up the network as follows.

Router (your private LAN, wireless, and internet) connected to -
Firewall - connect 1 port to your LAN and one to the new wireless access port, restrict traffic to deny traffic to 
all IPs other than your router's IP on the internal subnet from the access point, so if your router IP is 192.168.0.1 
and subnet mask 255.255.255.0 then on the firewall deny all traffic to 192.168.0.2-254.  Connected to -
Access Point set up for neighbours connected into another firewall port.

There are of course some possible issues with sharing your internet connection, including that you may become legally 
liable for all actions your neighbours perform online, and potentially, if you have internet limits imposed, you may 
exceed them.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------




--
------
Doug Farre
(209) 677-7483
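
Added example, not part of the original thread: a small first-match rule model for checking the guest-isolation policy described in the quoted post (guests may reach the router at 192.168.0.1 and the internet, nothing else on 192.168.0.0/24). The guest subnet 192.168.50.0/24, the rule layout and the function names are assumptions made for illustration; this is not PIX configuration syntax.

```python
import ipaddress

# Only 192.168.0.1 / 255.255.255.0 comes from the post; the guest subnet
# and the rule layout below are constructed for this example.
LAN = ipaddress.ip_network("192.168.0.0/24")
GUEST = ipaddress.ip_network("192.168.50.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Ordered rules, first match wins: (action, source net, destination net).
# The host permit must come before the subnet deny, or the router is cut off.
RULES = [
    ("permit", GUEST, ipaddress.ip_network("192.168.0.1/32")),
    ("deny", GUEST, LAN),
    ("permit", GUEST, ANY),
]

def decide(rules, src, dst):
    """Return the action of the first matching rule; default is deny."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in rules:
        if src in s_net and dst in d_net:
            return action
    return "deny"

def reachable_lan_addresses(rules, src):
    """Every address in the LAN subnet (including .0 and .255) src can reach."""
    return [str(a) for a in LAN if decide(rules, src, a) == "permit"]

def range_rules(first, last):
    """Rules written literally as 'deny .first-.last', then permit the rest."""
    denies = [("deny", GUEST, ipaddress.ip_network(f"192.168.0.{i}/32"))
              for i in range(first, last + 1)]
    return denies + [("permit", GUEST, ANY)]

if __name__ == "__main__":
    guest = "192.168.50.10"  # constructed guest client address
    print("subnet deny :", reachable_lan_addresses(RULES, guest))
    print("range deny  :", reachable_lan_addresses(range_rules(2, 254), guest))
    print("internet    :", decide(RULES, guest, "198.51.100.7"))
```

Running the same audit after any rule change shows at a glance whether a reordering or a range written as individual hosts has left the subnet's network or broadcast address reachable from the guest side.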
