[52272] in North American Network Operators' Group
Re: Wireless insecurity at NANOG meetings
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Mon Sep 23 05:16:53 2002
From: "Steven M. Bellovin" <smb@research.att.com>
To: Sean Donelan <sean@donelan.com>
Cc: nanog@merit.edu
Date: Mon, 23 Sep 2002 05:16:03 -0400
Errors-To: owner-nanog-outgoing@merit.edu
In message <Pine.GSO.4.40.0209221641250.23761-100000@clifden.donelan.com>, Sean
Donelan writes:
>
>On Sun, 22 Sep 2002, Randy Bush wrote:
>> - the users need to be told how to operate more safely, use
>> end-to-end authentication and privacy, etc. it's a matter of
>> education. and the education will stand them in good stead
>> when they use 802.11 at starbucks, airports, etc. we do this
>> at ietf, but it is not allowed at nanog.
>
>Sunday afternoon is full of tutorials on lots of different subjects.
>Has anyone volunteed to conduct a Sunday tutorial on wireless security
>for users of "public" wireless networks?
>
>Although I think it is a mistake to think a wireless network security
>is different than using any other network you don't control. Most
>wireless security tutorials tend to concentrate on "securing" the
>wireless network instead of how to communicate over an untrusted
>network.
>
Precisely -- and it's precisely why I'm not a big fan of "wireless
security" as a discipline: my threat model for the wired network has
never been any different than for wireless...
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com ("Firewalls" book)