North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Wireless insecurity at NANOG meetings
- From: David Diaz
- Date: Mon Sep 23 10:21:59 2002
Actually, from a legal standpoint, you put locks on the door same
reason as u would on the wireless. Otherwise an invitation could be
implied. It's hard for someone to argue that they were invited if
they had to use breakin tools. Otherwise I dont think anyone would
have a case, public area, public use lan.... If I was walking through
a hotel and found an open LAN I would assume it was there for a perk
of the hotel.
I still dont see the problem with either side of this discussion. If
we had a minor amount of security, I think the nanog goers could
easily figure it out. If not, a little friendly assistance from the
person sitting next to you and you might just have made a friend.
Payoff with a simple beer later would suffice.
Actually I believe it was Bill Woodcock that sent me mac drivers back
in 1997 for the wireless. I may still owe him a beer though.
At 9:04 -0500 9/23/02, Stephen Sprunk wrote:
Thus spake "Sean Donelan" <email@example.com>
There is no useful security mechanism that can be applied to NANOG wireless.
The wireless networks at NANOG meetings never follow what the security
professionals say are mandatory, essential security practices. The NANOG
wireless network doesn't use any authentication, enables broadcast SSID,
has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter
firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400
stations were active on the network.
WEP assumes a black-and-white security model, just like most VPNs:
if a user is
on the "inside", they're fully trusted. This is somewhat reasonable in the
corporate world, where all of the users are employees who are responsible to a
common entity, but it has no application to NANOG or other public events where
none of the users are responsible to the operator, much less have
any trust for
each other. There is no sense giving people the illusion of security here.
Many corporations are going to open access-points "outside" their firewall and
requiring per-user VPNs to access any data-center resources. This is the
simplest (and cheapest) solution to deploy and offers security folks the best
options for AAA besides.
I can't say without a sniffer, but I'd bet that most NANOG participants are
doing the same: SSH or IPsec VPN's back to home (wherever that is).
isn't is begging to be hacked, WEP or not. Anyone interested in hacking NANOG
attendees' networks is likely a NANOG attendee himself. Caveat attendor.
Smotons (Smart Photons) trump dumb photons