Rich Freeman on 27 Jan 2013 13:43:08 -0800


Re: [PLUG] hide windows resource


On Sun, Jan 27, 2013 at 3:50 PM, Michael Leone <turgon@mike-leone.com> wrote:
> On Sun, Jan 27, 2013 at 3:45 PM, Ron Kaye Jr <rekaye1005@verizon.net> wrote:
>>  how would a guest know a sharename?
>
> Are you trying to protect against? Just casual users who might want to
> use the free wifi while they wait for a church function to begin, or
> somebody who might have even a modicum of hacking knowledge, or even a
> free scanning tool?

Considering that you're talking about an unsecured wireless access
point, I'd plan on a reasonably sophisticated hacker.  Anybody can get
in with a parabolic antenna at considerable range.

If you set up a rule on the router then the attack surface is limited
against exploits in the router itself.  If you rely on securing every
host inside the LAN then your attack surface is every person who has
administrative access to any device in the network, which in the
Windows world is everybody and their uncle.  All it takes is one
person misconfiguring something, or one PC without proper updates, and
somebody can get in and steal data or generally cause trouble.

I would STRONGLY recommend securing this at the router level.  That
just requires a single rule on the access point.  Host-level security
simply isn't good enough - I wouldn't trust strangers on my own LAN,
let alone one without any skilled IT maintenance.

Also, if your public WiFi is free to access internal resources then
chances are that staff will end up using that network by mistake,
sending everything in the clear.  That means more potential for
eavesdropping, cookie stealing, and so on.

On a side note, I can't believe that nobody has come up with some way
of securing public access WiFi (beyond running your own VPN over it).
The router should encrypt every connection with every client using
separate keys to prevent clients from eavesdropping on each other.
Access control should be on top of that, not in place of that.

Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug