Firewall Wizards mailing list archives

Re: Interlopers on the WLAN

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 5 Nov 2002 22:20:58 -0500 (EST)

On 5 Nov 2002, Frank O'Dwyer wrote:

I think it ought to make a difference if an attempt has been made to
secure the network. Otherwise you are expecting people to read your mind
as to whether you intend the network to be private or not. For all its
faults, WEP is at least a fairly large clue that the network is intended
to be private.

But if you haven't even turned WEP on, then who's to say whether your
network is supposed to be for employees only, or an access hotspot for
anyone who passes by. It's not like you left your door unlocked or
something, it's more like you hung a big orange sign on your door saying
"welcome!". The very fact that you're broadcasting the ESSID with no
security measures whatsoever could be reasonably construed as a public
invitation to connect.

Similarly if you had a publicly accessible system which popped up
"welcome to the foo system" and logged you straight in with no password,
(rather than "this system is private property and unauthorised access is
not permitted", followed by a login prompt) then you would (and should)
have a tough time pressing charges against anyone who connected.


What's interesting about this point, is there are a number of public
access AP's in various cities/countries available, including many if not
most all airports, at least here in the states.  Thus, it seems perhaps
there might well be a solid basis for those jumping into your open wlan
that they in fact considered it a public access point.  All the more
reason to invoke WEP with the addition of Banners to announce the privacy
of the wlan.  Of course the importance of banners has long been argued in
the security related lists.


Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Interlopers on the WLAN Philip J. Koenig (Nov 05)
- Re: Interlopers on the WLAN Al Potter (Nov 05)
- Re: Interlopers on the WLAN Mikael Olsson (Nov 05)
- Re: Interlopers on the WLAN Frank O'Dwyer (Nov 05)
  - Re: Interlopers on the WLAN R. DuFresne (Nov 06)
    - Re: Interlopers on the WLAN Philip J. Koenig (Nov 06)
    - Re: Interlopers on the WLAN R. DuFresne (Nov 06)
  - RE: Interlopers on the WLAN Bill Royds (Nov 06)
    - RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
    - RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
    - RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
    - RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
    - RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)
    - RE: Interlopers on the WLAN Philip J. Koenig (Nov 06)
    - RE: Interlopers on the WLAN Frank O'Dwyer (Nov 06)

(Thread continues...)