Re: Wireless insecurity at NANOG meetings

["Steven M. Bellovin" <smb () research att com>]

In message <Pine.GSO.4.40.0209221641250.23761-100000 () clifden donelan com>, Sean
 Donelan writes:
> On Sun, 22 Sep 2002, Randy Bush wrote:
> >     - the users need to be told how to operate more safely, use
> >       end-to-end authentication and privacy, etc.  it's a matter of
> >       education.  and the education will stand them in good stead
> >       when they use 802.11 at starbucks, airports, etc.  we do this
> >       at ietf, but it is not allowed at nanog.
>
> Sunday afternoon is full of tutorials on lots of different subjects.
> Has anyone volunteed to conduct a Sunday tutorial on wireless security
> for users of "public" wireless networks?
>
> Although I think it is a mistake to think a wireless network security
> is different than using any other network you don't control.  Most
> wireless security tutorials tend to concentrate on "securing" the
> wireless network instead of how to communicate over an untrusted
> network.
Precisely -- and it's precisely why I'm not a big fan of "wireless 
security" as a discipline:  my threat model for the wired network has 
never been any different than for wireless...



                --Steve Bellovin, http://www.research.att.com/~smb (me)
                http://www.wilyhacker.com ("Firewalls" book)