Re: Wireless Security

[Kevin Reiter <tux () penguinnetwerx net>]

Herman Frederick Ebeling, Jr. wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I've got a question (actually a few) along these lines.  Let's say that a person
> has a Wi-Fi network setup at home.
> And they find out that some of their neighbors have accessed it.

They should've taken the time to properly configure their network using 
WEP/WPA/RADIUS/etc. so there isn't any outside/unwanted access.

> A)      What if any obligation to the neighbors does the person who initially setup
> the Wi-Fi network have?

None.  It's not the neighbor's network, and unless they have a written 
agreement in place (which I highly doubt they do) there's nothing the 
neighbors can do about it if the owner decides to pull the plug on it or 
slap a fat padlock around it.

> B)      What happens IF one neighbor goes in and reads/deletes msgs/files from
> another neighbor's computer is the person who
> initially setup the Wi-Fi network for their own use liable?

If there is bona fide proof (logs, etc.) that this happened, the person 
doing the invasive actions is liable, and depending on which country 
this happens to take place in, laws vary.  Unauthorized access is still 
unauthorized access.

> C)      Can the person who initially setup the Wi-Fi network legally go in and look
> around his/her neighbors computers?

No.  It's not their property, even if they're providing Internet access 
to other parties, either willingly or unwillingly.  That's also 
unauthorized access.

> D)      What if one the neighbors get a virus, is the person who initially setup the
> Wi-Fi network liable?

Not that I know of, but this is still under debate.  That's like suing 
an ISP if you get a virus.  They provide the vehicle to get online, but 
it's up to you to take the proper steps to protect yourself from 
viruses, intrusions, etc.  If you're using an unauthorized network (i.e. 
using someone else's poorly configured wireless network to gain Internet 
access without permission) and something happens to you, it's your own 
fault.

> E)      What if any expectations to privacy do the unauthorized users have?

If they are accessing a network without permission, that's illegal. 
There shouldn't be any expectations regarding privacy, and if there are, 
someone needs to be more informed in this area.


> Herman

Kevin

> - -----Original Message-----
> From: Daryl Davis [mailto:daryl () ultbingo com]
> Sent: Tuesday, 04 October, 2005 12:56
> To: security-basics () securityfocus com
> Subject: Wireless blocking
>
>
> I believe I have an unauthorized wireless router on my network.  I have been
> unable to physically find it as of yet.
>
> Does anyone know how to find the hidden SSID and then Jam it?
>
> Thank you.
>
> Daryl R Davis
> Digital Game Media, Inc.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 8.0.3
>
> iQA/AwUBQ01ORx/i52nbE9vTEQJiUgCeOOjX9N6x73SckuWo8IM3fRrF7NoAni3P
> b8FzLCft8X2qZYK7BYhdx+E3
> =9dp4
> -----END PGP SIGNATURE-----


--

It said "use Linux 2.4 kernel or better" so I installed FreeBSD.  Now 
everything runs better.  Why didn't they just tell me to do that to 
begin with?