Brian Stempin on 10 Dec 2007 20:34:43 -0000



Re: [PLUG] Wireless access - from a security expert

  • From: "Brian Stempin" <brian.stempin@gmail.com>
  • To: "Philadelphia Linux User's Group Discussion List" <plug@lists.phillylinux.org>
  • Subject: Re: [PLUG] Wireless access - from a security expert
  • Date: Mon, 10 Dec 2007 15:33:53 -0500
  • Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
  • Sender: plug-bounces@lists.phillylinux.org

Not to be Captain Obvious (c) here, but this seems like the *same exact* argument that was generated by a thread a few months back, with some (most?) of the same parties.  It's kind of senseless to argue philosophical issues on a technical mailing list.  Don't get me wrong...I'm all for expressing them (after all, I got involved in the last one, didn't I?), but I think some of the parties involved this time around haven't figured out that this is NOT the place to pick up converts.

Yes, it's true that our feelings on the meaning of security, the universe, and the number 42 shape the way we perceive and deal with these issues...but isn't it kind of silly to sit here and argue over making free calls to Japan and Bruce Schneier's home network?  It's not going anywhere.  Those who've expressed themselves more than once on the same point are doing nothing more than generating redundant flames on a redundant thread.  I think some of the people here are at a point where they have to agree to disagree.  Until someone (either side) comes up with a new (preferably compelling) argument, this thread is nothing more than a waste of bits.

Please, stop re-arguing the same material! :p

On Dec 10, 2007 3:19 PM, Matthew Rosewarne <mrosewarne@inoutbox.com> wrote:
On Monday 10 December 2007, Jason wrote:
> In an enterprise environment, absolutely.  The article was targeted
> at home users.  You know a lot of home users that deploy multi-segment
> networks, IDS sensors, and VPN gateways?  I don't. :)

It's not about all that.  Regardless of whether you have a small network or a
big one, you need to use secure practises regardless.  That doesn't mean you
_need_ to run IDS, VPN, etc.  It only means you need to use your head, never
transfer anything confidential in the clear, since you can always assume
someone might be listening.  It makes no difference whether you have an open
AP, ethernet, or a dedicated line.

> If my goal was to offer up free Internet to my neighbors, sure, that's
> how I'd do it, or I'd deploy a 2nd access point on an isolated network
> that only got to the Internet.  Again, how many average folks are
> either capable of doing that, or have the desire to do that?  They
> just read a "security expert" telling them it's ok to have an open
> wifi network.  Lots of folks live within wifi range of public parks.
> I could sit on a bench and get personal financial info pretty easily,
> if they follow the advice given in the article.

They don't have to do any DMZ/VPN stuff.   That's only if you really want a
(well-secured) separate internal/external setup.

> That's the issue here - not how to design a proper enterprise
> deployment - but rather, how to keep from getting fleeced and taken
> advantage of.  I know plenty of people who take advantage of open wifi
> to download torrents of movies & music too.  Where would you like your
> subpoena sent, home or office? :)

You say you have an open AP.  There's no liability for unmonitored,
publicly-available services, just like a cafe wouldn't be liable for what
people do on their free wifi.

___________________________________________________________________________
Philadelphia Linux Users Group         --         http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug

