Security Basics mailing list archives
RE: Wireless access
From: "Keenan Smith" <kc_smith () clark net>
Date: Thu, 1 Apr 2004 08:04:15 -0500
I don't think it's a very productive thing for a bunch of techies to get sucked into a legal argument, of all things! However, it's been my experience that any statement that includes "you won't be liable" is probably wrong. First off, "reasonable effort" is a subjective term. What's reasonable to you or me may not be to the court. My ex-wife, in personal injury law, once told me that there's no such thing as "no-fault". Somebody is ALWAYS at fault. As soon as you establish fault, you establish liability. With that attitude from the legal profession, I don't think anything we EVER do will be completely protected. My opinion is to provide the best technical solution that can be implemented within the budget and hope for the best. KC Smith kc_smith () clark net -----Original Message----- From: Mitchell Rowton [mailto:mrowton () bdo com] Sent: Tuesday, March 30, 2004 12:51 PM To: jswhitford () acm org; Robert.Mezzone () PJSolomon Com; security-basics () securityfocus com Subject: RE: Wireless access This reminds me of an old conversation. Will you be liable if one extranet partner uses your connection to bad things to another extranet partner? I don't think there was ever a firm answer from legal. But its my (NOT LAWYER) opinion, that if you make a reasonable effort to keep things like this from happening i.e changing and disabling broadcast of the SSID, then you won't be liable. You have to strike a balance between how much time=money you are willing spend to protect someone else from someone else. I would be a good internet citizen, and make certain configuration changes to restrict this type of incidental use, but I would not recommend spending money (on a firewall for example) on this type of circumstance. -- Mitchell
Robert Mezzone <Robert.Mezzone () PJSolomon Com> 03/29/04 12:17PM >>>
As an example, what happens if a person (unknowingly) connects wirelessly and downloads a music file? They are outside our firewall but they are still connected to our network. Wouldn't the company still be liable? Thanks. Robert NOTICE: The contents of this email and any attachments to it may contain privileged and confidential information from BDO Seidman, LLP. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited and that this e-mail and all of the attachments to this e-mail, if any, must be immediately returned to BDO Seidman, LLP or destroyed and, in either case, this e-mail and all attachments to this e-mail must be immediately deleted from your computer without making any copies thereof. If you have received this e-mail in error, please notify BDO Seidman, LLP by e-mail immediately. ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Wireless access Keenan Smith (Apr 01)