Firewall Wizards mailing list archives
Re: Interlopers on the WLAN
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 6 Nov 2002 02:57:20 -0500 (EST)
On Tue, 5 Nov 2002, Philip J. Koenig wrote: [SNIP]
So in regards to banners, I have a couple of questions/points. First of all, while banners can be argued for as a good way of ensuring "prosecutability" in a particular case, are there actually many cybercrime laws that require such notification in order for a violation of the law to take place? The California law I cited, for example, certainly doesn't have this kind of prerequisite. (although I'll admit it might make someone easier to prosecute)
As others have pointed out, you need to broaden the perspective on all the legalities some. While the law, criminal, might not make specific mention of banners, your insurance company might well take this into consideration. Also, civil law may well make this an issue, especially when your wlan allows others routes to do damage or DDOS others and they come back seeking to sue you for lack of due diligence.
Secondly, banners are perfectly logical and obvious on systems that are open via telnet, ssh, ftp etc.. but on a WLAN that may just be routing packets, I don't see a reliable way to guarantee anyone sees a "banner" when all they're doing is routing packets. (yeah if you assume all anyone wants to send/receive is http you could run an http proxy, but that doesn't cover all the bases either)
Seems to me that ignorance is not a good defence for unauthorized network access, and claiming you "didn't know who owned it" doesn't seem to wash either. (if an interloper truly felt that permission was needed, if they didn't have *explicit* permission - not just "WEP isn't turned on" - then I'd argue they have no business hopping on.)
The problem, seems to me, is that people assume if it's not locked-up like Fort Knox with a bunch of guns at your head, it's "free for the taking". What I wonder about is this presumption that some arbitrary level of security features enabled is what distinguishes "public" vs "private". There certainly doesn't seem to be a consensus on that, and absent a consensus it seems like a case of "blame the victim" to me.
This new WiFi security feature (WiFi Protected Access, or WPA - an early subset of 802.11i) shows some potential to solve some of this stuff by A) creating a standard 802.11 authentication method and B) eventually requiring the security features to default to "on".. although the only clue as to when this might happen in the documentation I've read is they say this will occur "someday". LOL. In the meantime, it seems most WLAN equipment comes out of the box in default configuration with security turned off and it seems like a big stretch to me when a network configured in that way is automatically assumed to be "public".
There have been a number of threads mentioning how vendors tend to not secure their products on shipping or default installs. This is one of the reasons there are so many groups and lists and whatnot <bugtraq, firewalls mailing list, vuln-dev, vulnwatch, firewall-wizards, local infragard chapters, etc, etc> in which people try to get the word out and help others learn this is a dangerous medium in many respects for sharing data, information, and in which to engage in discussion, let alone do one's work. People need to educate themselves on the issues, especially those tasked with network design and network defence/monitoring to safeguard their installs and deployments.
The home user that connects his PC to the internet without at least a minimum of an updatable anti-virus product is in danger, to himself and a danger to others on the internet. Someone deploying wlan AP's in "out-of-the-box" unsafe default setups is as much a fool and a risk to themselves and others on the internet. Not that this pulls some responsibility from vendors shipping their toys in those unsafe modes, but, there people have to vote with their dollars, as well as shout at their vendor reps and to the various help desk folks they need to contact to get the info to setup something with some sense of 'security' in mind.
Doing nothing here to safeguard your network puts some of the onus upon yourself for the 'free-riders' and worse. In fact, doing nothing to change the unsafe defaults means others do not really have to connect actively to your AP or systems, they can passively sniff all the traffic if they just want to pull all your private information together. And, they do not have to be in the parking lot or across the street to do so, they can cheaply acquire the means to do so at a much longer distance <http://sysinfo.com/wire1.html http://sysinfo.com/wired2.html>.
Of course, if you catch an intruder, try and get the legal authorities involved and see what is really required in damage layouts to really get someone to show up to do more than merely take a report on the issue. It's kinda like when you report your car has been vandalized, you certainly are not going to expect the police or other legal authorities to come out and take fingerprints and photos and send out the search dogs to apprehend the culprit. Then again, should this wlan you are putting up connect into your *firewalled* wired systems/network, you not only have changed the defaults, and enabled wep, but, require a strong vpn to get inside, which might be the place for a banner notice or popup window of similar statement.
Thanks,
Ron DuFresne
<remember; what you don't know and do not do, can hurt you>
--
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
testing, only testing, and damn good at it too!