Full Disclosure mailing list archives
Re: Wireless ISPs
From: Chris Adams <chris () improbable org>
Date: Tue, 11 May 2004 20:52:35 -0700
On May 11, 2004, at 17:24, Kurt Seifried wrote:
Folks. WEP is POINTLESS for public access points.
s/ for.*//WEP/WPA/LEAP/802.1x and anything else which puts trust at the network level are close[1] to snake-oil - even if they actually worked as promised the only thing you get is a false sense of security because there's this assumption that the rest of the network is trustworthy. You get far more real security simply enabling the strong end-to-end crypto in the products you already use and you save a ton of money by not chasing the latest acronyms, too.
Now a technical person can do something like SSH port forwarding and stuff all their email traffic and web browsing through a secure system on the outside. But someone like my mother is supposed to do what exactly? Have acolocated machine somewhere she can VPN off of, or SSH port forward?
Check the "Use SSL" box in her email client, optionally switching to a competent ISP if this doesn't work.
We recently switch our POP/IMAP services over to a mandatory-SSL config and used the same approach other people in this thread have mentioned: 3 months of warnings and then disabling the insecure versions. The only problems we had were a couple of people with antique Eudora installs who didn't want to upgrade. Other than that there was no grumbling thanks to an ettercap demonstration and the extremely low amount trouble/benefit ratio - we get far more whining each time we suggest that people install the latest Windows / Office security updates.
It's just not that hard to deploy SSL any more since almost any network client in common use includes SSL support by now - the biggest exception is file sharing and it's not like people are used to doing Windows networking over the internet - the worms have seen to that.
Chris[1] I say close because it may be legally useful to say the network was restricted if you need to sue a spammer or something.
Attachment:
smime.p7s
Description:
Current thread:
- Re: Wireless ISPs, (continued)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Jeff Workman (May 11)
- Re: Wireless ISPs Maarten (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Ron DuFresne (May 12)
- Re: Wireless ISPs KUIJPERS Jimmy (May 12)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Frank Knobbe (May 11)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Kurt Seifried (May 11)
- Re: Wireless ISPs D B (May 11)
- Re: Wireless ISPs Chris Adams (May 11)
- Re: Wireless ISPs Sean Milheim (May 11)
- Re: Wireless ISPs Valdis . Kletnieks (May 11)
- Re: Wireless ISPs Scott Taylor (May 11)
- RE: Wireless ISPs Aditya, ALD [Aditya Lalit Deshmukh] (May 12)
- Re: Wireless ISPs Valdis . Kletnieks (May 12)