[TCWUG] Why secure your WLAN?

Thu Aug 14 16:55:20 CDT 2003

On Thu, Aug 14, 2003 at 04:06:37PM -0500, Andrew Zimmer wrote:
> Yes, security does matter.  It will matter for as long as we all will
> live.  Why are manufacturer including WEP on their hardware at all?  I
> doubt that it is cost effective to.  In the business environment,
> security is becoming priority number one it is not already.

They include WEP because, iirc, it's a required part of the standard
for the rubber stamp saying you're WiFi compatible.

> The way I see wireless access points is that they are like a door.  You
> an either leave it open or close the door with WEP or some other more
> advanced security.  I think an open door is generally regarded as
> inviting but maybe it depends on the context.  What does non-secure
> 802.11 from an unknown source in my house say?  Hop on the network or
> say off?

Do you drive around looking for open doors, then stop and tell those
people how insecure their home is because it's open? Some people
don't mind neighbors coming in, some people find it more convenient,
and others just weigh the chances of theft vs. convenience and decide
to leave the door open.

> Anyways, it should not and does not have to be about
> annoying/scaring/threatening/blackmailing, it should be about education
> and cooperation.  If TCWUG isn't informing and working with the public
> then what is it for?  TCWUG should be helping people setup open networks
> as correctly as we can in their neighborhood either by doing site
> surveys, recommending hardware, basic guidance on AP setup, and just
> spreading the wireless word.

People interpret it as annoying, scary, threatening, and blackmail. People
can't be bothered to program their VCR to stop flashing 12:00, they aren't
interested in the configuration of their WAP -- it works, thats all they 
care about. We aren't the wireless police, we can give advice -to people who
care to ask-. A lot of people are perfectly happy to let people use their
access point as long as it doesn't involve any further hassle (ie, maintaining
a captive portal type system).

The TCWUG is not a cause (secure the planet, woohoo!), it's a group of people
interested in wireless. If someone isn't interested in the group, they 
shouldn't be bothered by members. 

Why are you so insistant on bothering people about something they do not
want to hear? They don't want to know that their windows system is vulnerable,
they do not want to hear that their SUV is polluting the atmosphere, and
they certainly do not want to hear some techno babble about their oh-so-convenient
WAP. Consider the problems that people -on- the list have getting WEP setup
(40bit vs 104bit, incompatible keyphrase->hex generators, weak wep firmware, etc)
now consider not only informing, but *supporting* those people who simply want
to open their laptop, and get on the internet. 

I deal with these people every day, windows boxes trying to brute force
other windows systems, email worms, open proxies, hacked systems, open relays,
DDoS drones, etc.

their response is always:

       "IT WORKS FINE FOR ME, AND THATS ALL THAT MATTERS"

> Andrew

-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net                           GPG public key 0x01938203

_______________________________________________
Twin Cities Wireless Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.tcwug.org
tcwug-list at tcwug.org
https://mailman.real-time.com/mailman/listinfo/tcwug-list