North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: Wireless insecurity at NANOG meetings
- From: JC Dill
- Date: Mon Sep 23 12:35:32 2002
On 07:19 AM 9/23/02, Steven M. Bellovin wrote:
>>I can't say without a sniffer, but I'd bet that most NANOG participants are
>>doing the same: SSH or IPsec VPN's back to home (wherever that is).
>Experience doesn't support this, I fear. How many passwords were
>captured last time?
Passwords to *what*? Not all passwords need to be kept secret. When I
login to read slashdot, I don't much care if someone sniffs the username
and password. Just because a password was captured doesn't mean that
knowing the username/password gives you access to anything special.
Going back to that lock and door analogy, it's like when you have a latch
on the front gate. It's there to keep the gate from swinging in the
breeze, to keep dogs and kids who are playing on the street from aimlessly
wandering into your front garden, etc. It's no big deal if other people
can figure out how to work the latch and get into my yard.
There are some things I keep behind latched gates. Other things are kept
behind a locked door with a simple doorknob lock (easily picked or
forced). Other things are behind a door with a deadbolt lock. Other
things are behind a combination padlock. Some things are in a safety
deposit box in the bank vault. We don't need to keep all valuable things
in the safety deposit box, and we don't need to lock down the WLAN at NANOG
as if it were access to a bank's intranet.