[157334] in North American Network Operators' Group


Re: Detection of Rogue Access Points

daemon@ATHENA.MIT.EDU (Sean Harlow)
Mon Oct 15 21:17:25 2012

In-Reply-To: <CAK__KzsFLwNyHk2gS+V8d6o8pmNzYbRGV23b2bHgGnfn0v+sRA@mail.gmail.com>
Date: Mon, 15 Oct 2012 21:17:11 -0400
From: Sean Harlow <sean@seanharlow.info>
To: George Herbert <george.herbert@gmail.com>
Cc: nanog@nanog.org, Joe Hamelin <joe@nethead.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On Mon, Oct 15, 2012 at 8:44 PM, George Herbert <george.herbert@gmail.com> wrote:

> This solution - the "don't care" solution - almost fails the
> negligence test for certain security regimes including PCI (credit
> cards) and possibly SOX for retail data locations (and HIPAA for
> hospitals / medical locations, etc).
>

Of course, and this is where the situational judgement comes into play.
The low-security environments I was envisioning are those more like my own
office, where the only on-site server is basically a homebrew NAS storing
music/movies for slow days.  We've jumped headfirst into the Google Apps
system so all files, mail, etc. are there.  Payments and any other
customer-facing services are on servers hosted in a proper datacenter,
never coming close to the office LAN, so our actual risk is basically the
same as that of a home user.  The boss using his laptop on public WiFi
worries me a lot more than someone gaining access to our network.

If you take payments on-premise and transmit them over the network, it's
obviously another story entirely.
