Re: Wireless insecurity at NANOG meetings

[David Diaz]

Actually, from a legal standpoint, you put locks on the door same 
reason as u would on the wireless. Otherwise an invitation could be 
implied.  It's hard for someone to argue that they were invited if 
they had to use breakin tools.  Otherwise I dont think anyone would 
have a case, public area, public use lan.... If I was walking through 
a hotel and found an open LAN I would assume it was there for a perk 
of the hotel.

I still dont see the problem with either side of this discussion.  If 
we had a minor amount of security, I think the nanog goers could 
easily figure it out.  If not, a little friendly assistance from the 
person sitting next to you and you might just have made a friend. 
Payoff with a simple beer later would suffice.

Actually I believe it was Bill Woodcock that sent me mac drivers back 
in 1997 for the wireless.  I may still owe him a  beer though.

dave




At 9:04 -0500 9/23/02, Stephen Sprunk wrote:
> Thus spake "Sean Donelan" <sean@donelan.com>
> >  The wireless networks at NANOG meetings never follow what the security
> >  professionals say are mandatory, essential security practices. The NANOG
> >  wireless network doesn't use any authentication, enables broadcast SSID,
> >  has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter
> >  firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400
> >  stations were active on the network.
> There is no useful security mechanism that can be applied to NANOG wireless.
>
> WEP assumes a black-and-white security model, just like most VPNs: 
> if a user is
> on the "inside", they're fully trusted.  This is somewhat reasonable in the
> corporate world, where all of the users are employees who are responsible to a
> common entity, but it has no application to NANOG or other public events where
> none of the users are responsible to the operator, much less have 
> any trust for
> each other.  There is no sense giving people the illusion of security here.
>
> Many corporations are going to open access-points "outside" their firewall and
> requiring per-user VPNs to access any data-center resources.  This is the
> simplest (and cheapest) solution to deploy and offers security folks the best
> options for AAA besides.
>
> I can't say without a sniffer, but I'd bet that most NANOG participants are
> doing the same: SSH or IPsec VPN's back to home (wherever that is). 
> Anyone who
> isn't is begging to be hacked, WEP or not.  Anyone interested in hacking NANOG
> attendees' networks is likely a NANOG attendee himself.  Caveat attendor.
>
> S
--

David Diaz
dave@smoton.net [Email]
pagedave@smoton.net [Pager]
Smotons (Smart Photons) trump dumb photons