zuzu on 2 Oct 2007 20:03:05 -0000


Re: [PLUG] Verizon FIOS & open wireless

  • From: zuzu <sean.zuzu@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Verizon FIOS & open wireless
  • Date: Tue, 2 Oct 2007 16:02:58 -0400
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

On 10/2/07, Brian Stempin <brian.stempin@gmail.com> wrote:
> > the "piggybacking problem" smells like FUD the same way that the "spam
> > problem" has always been FUD.  (it's called naive bayesian filtering;
> > install one and practically never see spam again.)
>
>
> I think that saying  "you don't need to secure your AP" is about as safe as
> saying "your home/business/whatever internet connection doesn't need a
> firewall".  It just seems horribly counter-intuitive to me.

ok, but so does heliocentrism to most people.

>  It's
> common-place in today's world to install some sort of firewall/router device
> on one's internet connection.  This is mainly because it's generally
> accepted that leaving one's self wide-open is not a good thing.  It seems
> kind of silly to me that most people will buy a router/firewall, and then
> create a wireless, self-announcing, back door.

this argument relies on circular logic.

I think stateful packet inspection firewalls between you and your ISP
are mostly about keeping out DoS attacks.

I dunno what machines you have on your network, and admittedly Windows
machines have a reputation for vulnerability even with "firewall"
software installed on them (instead they should be virtual machine
sandboxed with Xen or something), but whatever UNIX-like machines
(e.g. Linux, OSX) you have running should have their own solid
firewalls running.  so you're hardly "wide open".

or, as I said, put any private services on a VPN to segregate it from
the "public" network.

however, noting that exposure from those within earshot of a wireless
signal is significantly smaller than exposure to the whole of the
internet is not insignificant either.

> As a real-life example:
> Would you leave your house door unlocked all of the time?  Would you leave
> your keys in your unlocked car in an unlit alley-way all day and night?
> Sure, the chances of your car getting stolen are (depending on your
> area...for the sake of argument, I'm assuming one lives in the 'burbs)
> relatively slim.  Are you willing to deal with the pain of financial loss
> and insurance paperwork, etc?

I'm fine with analogies, but comparing the access/copying of
information to tangible goods always seems to fall apart logically.
even so, I think a more fitting analogy would be an apartment
building.  sure, locking the front door and asking people to buzz in
is common, but if everyone keeps their apartment door locked letting
anyone in to enjoy the heat and television in the lobby isn't a
problem.  also I have a preference in favor of allowing virtual hobos
to enjoy my spare/unused "heat"/bandwidth.

> Then why make it easier for a thief/attacker? This is nothing short of silly
> when you take into consideration that  most given thieves/attackers will
> choose the easiest target.  By doing this, you're making yourself the
> easiest target.

because all security is a trade-off, as you also seem to imply...  but
I don't think your security model holds up well to comprehensive
scrutiny.  relying on a secure network creates inconsistencies for the
times when you're either using an unsecure network or the security of
the network has been compromised (knowingly or not).  cognitive /
epistemological monitoring of devices has a significantly larger
chance in hell than monitoring a network over time.

> > mass-media counterculture has -- over approximately
> > the past 4 years -- tried to shout over the wireless community
> > grassroots efforts such as NoCat.net and FreeNetworks.org, with
> > repeatedly scaring people into "securing" their wireless access
> > points
> >
>
> I've got nothing against large mesh networks, but I would like some sort of
> peace of mind.  It all comes down to convenience vs security.  Is the
> benefit of said network greater than my potential risk?
>
> Is the convenience of leaving your access point open enough to deal with the
> consequences of someone else's misuse?
>
> Is the convenience of leaving your doors unlocked enough to deal with a
> robbery?  Even if it only ever happens once?
> Not for me.

I think you're ignoring a kind of opportunity cost; a
well-crafted/dynamic security model will provide more genuine security
(perhaps irrelevant to "peace of mind") than arbitrarily adding locks
wherever you can to different facets of the system (which could be
worse in creating a _false_ sense of security).

maybe reading a Bruce Schneier book could explain this better than I am now.

succinctly, however, so many random people use my network (with my
knowledge, such as friends, or without such as strangers) that I find
attempting to maintain security of the _network_ to be
counterproductive, next to spending my scarce time/attention on
maintaining security of the devices on the network.  I can see how
"enabling WPA actually decreases the security of my network" can seem
counter-intuitive, but in practice I find this to be the case.


> On 10/2/07, zuzu <sean.zuzu@gmail.com> wrote:
> >
> > On 10/2/07, Marc Zucchelli <marcz908@yahoo.com> wrote:
> > > I have never really worried about people abusing my internet connection.
> > > MOST people would be completely harmless, and the ones that are dangerous
> > > have to come within a close range to my house.  Is this really THAT serious
> > > of an issue?
> >
> > I tend to lean conspiracy-theory on this, in that it seems to me that
> > an industry and mass-media counterculture has -- over approximately
> > the past 4 years -- tried to shout over the wireless community
> > grassroots efforts such as NoCat.net and FreeNetworks.org, with
> > repeatedly scaring people into "securing" their wireless access
> > points.  I suspect the hardware manufacturers and the
> > telecommunications companies fear a real software defined radio
> > wireless mesh network emerging from wireless community networks.
> >
> > the "piggybacking problem" smells like FUD the same way that the "spam
> > problem" has always been FUD.  (it's called naive bayesian filtering;
> > install one and practically never see spam again.)
> >
> > I leave all my wireless access points open, and I run an I2P strong
> > cryptography onion routing gateway.  there's probably tons of crazy
> > packets using my IP as an outpoint, but I also have tons of plausible
> > deniability.
> >
> > p.s. I think "net neutrality" and "tiered internet" debates (both
> > sides) are FUD too.  routing all traffic through I2P makes deep packet
> > inspection impossible and would ensure that ISPs continue to simply
> > overprovision the networks as they should (especially since analysis
> > of total cost of operation shows that overprovisioning is cheaper than
> > packet shaping).
> >
> > > jeff <jeffv@op.net> wrote:
> > >  gabriel rosenkoetter wrote:
> > > > I don't understand when it became a bad idea to share one's Internet
> > > > connection on purpose.
> > >
> > > My guess would be when it became popular to hijack/hack connections.
> > >
> > >
> > > > Being open (and neighborly) is not mutually exclusive with keeping
> > > > your own systems secure.
> > >
> > > if this were the 50's (yes, my wireless has tubes), I'd be right there
> > > with you. Unfortunately I'm kinda stuck with the belief that if you
> > > leave a door open, people will start coming through it (in a bad way).
> > >
> > > There might be an undocumented hole in my setup. I might have forgotten
> > > to patch something. Imo, there are too many negative types about even
> > > to allow cordoned off access. Mind you, if my neighbor needed it, I'd
> > > find a way.
> >
> > can I assume for a moment that you use a laptop?  so you never use an
> > untrusted network with said laptop?
> >
> > > P.S. with one of the aftermarket wireless OSes (dd-wrt, et al), you can
> > > allegedly jack up the output of your wireless.
> >
> > for anyone with a modicum of computer savvy, DD-WRT Linux (or any
> > other OpenWRT like distribution) seems almost necessary at this point.
> > to which, if you're worried about neighbors hosing your connection to
> > your detriment, I think DD-WRT makes it easy enough to throttle any
> > unrecognized MAC address (or at least packet shape against bittorrent
> > and ed2k).
> >
> > or just set up a VPN to discriminate traffic.  (also a good idea for
> > the roaming laptop problem.)
> >
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug