I respectfully disagree with your recommendation, and I would hope you
wouldn't recommend that to your customers. Well, at least I would hope you
would take into consideration the company's business, the need for
accessibility (even if on a public access point), and the risk to the
company presented by said connectivity.

A quick-n-dirty solution to this problem (and my blanket recommendation to
anyone without assessing need/risk/etc) is firewall on the laptop plus a VPN
connection to the company/home over *any* wireless connection, trusted or
not, WEP'd or not.

More in response to Steve's comments, I wouldn't worry about TMobile
sniffing your traffic or capturing information; this would, IMO, provide a
very clear privacy violation. I would worry more about the billing
information you freely gave them, and whether their TOS allows for direct
marketing or the sale of said information.

From the sniffing side, I'd worry more about someone sitting in the same
Starbucks capturing your traffic for later decryption, while on the same
TMobile hotspot. This risk is no more or less dangerous on an open/free
hotspot. The problem with WEP is this excessive false sense of security.
Yes, WEP defeats the majority of those that might only casually sniff
traffic for kicks. If someone is dedicated enough to set up an open hotspot
and install an inline sniffer to capture traffic, the same person could just
sniff enough traffic to crack the WEP key and capture the same traffic.

So, this is where the VPN recommendation comes into play. Sure, you want to
decrypt my WEP'd traffic, go right ahead. You'll just get more encrypted
traffic, that, if set up properly, isn't nearly as easily decrypted. In
addition, by requiring VPN over public APs (as the security guru of our
imaginary company) I can also continue to monitor/block access to
inappropriate material, monitor for information leakage, policy violations,
etc. that I might be doing on my LAN.

There are of course numerous other things that I would recommend or do,
education being the first and most important, but VPN is a great start.

-John

> -----Original Message-----
> From: tcwug-list-bounces at tcwug.org 
> [mailto:tcwug-list-bounces at tcwug.org] On Behalf Of Mike Ellsworth
> Sent: Monday, June 07, 2004 1:04 PM
> To: sulrich at botwerks.org; 'Twin Cities Wireless Users Group List'
> Subject: RE: [TCWUG] Another point on the wifi hotspot 
> business model curve..
> 
> Steve,
> 
> Yeah, snorting traffic on public Websites is a risk that I 
> have been waiting for corporate America to finally realize. 
> Yet I don't see T-Mobile exploiting this possible advantage. 
> If I were in charge of corporate security for a company of 
> any size, I'd forbid employee use of public Wi-Fi.
> 
> 
> 
> -----Original Message-----
> From: tcwug-list-bounces at tcwug.org 
> [mailto:tcwug-list-bounces at tcwug.org] On Behalf Of steve ulrich
> Sent: Monday, June 07, 2004 12:34 PM
> To: mellsworth at stratvantage.com; Twin Cities Wireless Users Group List
> Subject: Re: [TCWUG] Another point on the wifi hotspot 
> business model curve..
> 
> when last we saw our hero (Monday, Jun 07, 2004),  Mike 
> Ellsworth was madly tapping out:
> > The most interesting thing I got from this article is T-Mobile's claim
> > that it is more secure (and more reliable) than free hotspots.
> > Anybody got any idea how they can claim that? I've used their service
> > and it wasn't running any security as far as I could tell.
> 
> it's not just about link layer security.  when you put your 
> traffic onto an open hotspot from john doe you really don't 
> know what they're doing with your traffic.  it's not in the 
> best interests of a t-mobile or SP to harvest subscriber 
> traffic for their nefarious applications. 
> 
> i'm not saying that tmobile and other SPs can't sniff your traffic.
> but wifi with a branded hotspot probably isn't going to be 
> snorting all the traffic that goes by.  whereas you're more 
> likely taking your chance with the freebies.
> 
> further, many reputable carriers have the ability to do 
> things like virus/worm mitigation in their access 
> infrastructure.  that's nice if someone jacks into the same 
> segment and starts to hose you down with the virus of the 
> day.  such mechanisms would not be visible from the user's perspective.
> 
> as with many things in life if you're going to have unprotected 
> packet exchange,  you have risks.  if you'd like to mitigate 
> those risks, slather on the protection with copious amounts 
> of crypto and f/ws.
> 
> > -----Original Message-----
> > From: tcwug-list-bounces at tcwug.org
> > [mailto:tcwug-list-bounces at tcwug.org] On Behalf Of Andy Warner
> > Sent: Monday, June 07, 2004 9:44 AM
> > To: wireless at tc-unwired.net; tcwug-list at tcwug.org
> > Subject: [TCWUG] Another point on the wifi hotspot business model curve..
> >
> > Apologies in advance if this ends up being one of those
> > "subscriber-only" pages that drops you through to a login screen; but
> > the NYTimes carried the following article about the growth of free
> > hot-spots, contrasted with the fortunes of pay-per-use hot spots;
> > along with the struggle to find a sustainable business model for the
> > pay-per-use carriers.
> >
> > http://www.nytimes.com/2004/06/07/technology/07wifi.html?8hpib=&pagewanted=all&position=


_______________________________________________
Twin Cities Wireless Users Group Mailing List - Minneapolis/St. Paul, Minnesota
http://www.tcwug.org
tcwug-list at tcwug.org
https://mailman.real-time.com/mailman/listinfo/tcwug-list