Rich Freeman on 27 Jan 2013 13:43:08 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] hide windows resource

On Sun, Jan 27, 2013 at 3:50 PM, Michael Leone <> wrote:
> On Sun, Jan 27, 2013 at 3:45 PM, Ron Kaye Jr <> wrote:
>>  how would a guest know a sharename?
> Are you trying to protect against? Just casual users who might want to
> use the free wifi while they wait for a church function to begin, or
> somebody who might have even a modicum of hacking knowledge, or even a
> free scanning tool?

Considering that you're talking about an unsecured wireless access
point, I'd plan on a reasonably sophisticated hacker.  Anybody can get
in with a parabolic antenna at considerable range.

If you set up a rule on the router then the attack surface is limited
against exploits in the router itself.  If you rely on securing every
host inside the LAN then your attack surface is every person who has
administrative access to any device in the network, which in the
Windows world is everybody and their uncle.  All it takes is one
person misconfiguring something, or one PC without proper updates, and
somebody can get in and steal data or generally cause trouble.

I would STRONGLY recommend securing this at the router level.  That
just requires a single rule on the access point.  Host-level security
simply isn't good enough - I wouldn't trust strangers on my own LAN,
let alone one without any skilled IT maintenance.

Also, if your public WiFi is free to access internal resources then
chances are that staff will end up using that network by mistake,
sending everything in the clear.  That means more potential for
evesdropping, cookie stealing, and so on.

On a side note, I can't believe that nobody has come up with some way
of securing public access WiFi (beyond running your own VPN over it).
The router should encrypt every connection with every client using
separate keys to prevent clients from evesdropping on each other.
Access control should be on top of that, not in place of that.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --