[52262] in North American Network Operators' Group
Re: Wireless insecurity at NANOG meetings
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Sep 22 21:55:57 2002
Date: Sun, 22 Sep 2002 21:55:20 -0400 (EDT)
From: Sean Donelan <sean@donelan.com>
To: nanog@merit.edu
In-Reply-To: <3D8E4703.B96CEE2B@greendragon.com>
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 22 Sep 2002, William Allen Simpson wrote:
> I will agree that the security in WEP is almost useless, and have
> personally campaigned to change it for years. But, it is still the only
> Access Control widely available. So, it should be used, in addition to
> the better methods.
Access control should be used when you need access control. Sometimes
engineers need to step back from solving the problem, and look at whether
the problem needs to be solved.
What access control do you need for a public drinking fountain?
What access control do you need for a public wireless access point?
WEP won't keep people from hacking other laptops at Nanog meetings, and
won't stop people from sniffing plain-text passwords. Everyone at the
meeting will have the key, and a secret shared with 500 people won't stay
secret for even two days. For a network with no other access control,
what purpose does WEP serve?
