[52230] in North American Network Operators' Group
Re: Wireless insecurity at NANOG meetings
daemon@ATHENA.MIT.EDU (Martin J. Levy)
Sat Sep 21 19:49:25 2002
Date: Sat, 21 Sep 2002 16:48:54 -0700
To: nanog@merit.edu
From: "Martin J. Levy" <mahtin@mahtin.com>
Cc: Kevin Oberman <oberman@es.net>, Sean Donelan <sean@donelan.com>
In-Reply-To: <20020921231144.264F05D03@ptavv.es.net>
Errors-To: owner-nanog-outgoing@merit.edu
>I agre security is sadly lacking, but it is probably impossible to
>implement in a conference environment.
Look this is a very simple issue. Sean's first post really pointed out that it's "bad form" for a set of operators to run an insecure network. I would believe that it's "good form" to at least try. It was stated that the network was not run by the "operators". OK, I accept that, but it's run by people with great (actually fantastic) connections to real operators (ie: us).
WEP may not be a good protocol, but it's better than nothing. If people thing it's hard to configure, then run two networks.. one without WEP and one with WEP.
Security is a relative thing... Normally security at the door to the nanog conference hall is "low", but that does not seem to bother many people. (Hence security at a "wired" locations within the conference is "low" making the WEP issue mute).
I would be happy to run on a wireless network with a specific SSID and no SSID beacon with a static WEP key. (I don't have LEAP, or other protocols on my laptop). Does this make my communications more secure? I don't know... Everything from my nanog laptop is VPN'ed anyway... hence already end-to-end encrypted.
I believe that Sean brought up a good point and something worth working on.
Even an incremental improvement at this upcoming meeting followed by another incremental improvement at the next meeting, etc. etc. will be a good thing.
BTW: WEP may not be a great protocol and people may believe there is a false sense of security. If this worries you, then I would recommend a note placed on the nanog web pages that states something like "all IP networking provided at the conference should be considered insecure, etc.".
Martin
PS: As for bandwidth "stealing". Heck... looking at the stats for previous nanog's, we are doing a poor job of using the provided bandwidth. I say... bring it on! (legal traffic only --- of-course!).