nanog mailing list archives
Re: Wireless insecurity at NANOG meetings
From: Randy Bush <randy () psg com>
Date: Sat, 21 Sep 2002 15:08:32 -0700
I'm waiting for one of the professional security consulting firms to issue their weekly press release screaming "Network Operator Meeting Fails Security Test." The wireless networks at NANOG meetings never follow what the security professionals say are mandatory, essential security practices. The NANOG wireless network doesn't use any authentication, enables broadcast SSID, has a trivial to guess SSID, doesn't use WEP, doesn't have any perimeter firewalls, etc, etc, etc. At the last NANOG meeting IIRC over 400 stations were active on the network. Are network operators really that clueless about security, or perhaps we need to step back and re-think. What are we really trying to protect?
the nanog net is not run by network operators. it is run by some well-meaning non-op folk from merit. for example, if i can gather the patience (unlikely), next week i will join the third conference phone call to try to explain to the merit folk why it's really ok to put vern's bro ids on the incoming. and the merit powers that be specifically forbid warning folk about the wireless, showing caught passwords, ... as we do at ietf. the nanog net is run *for* operators, not *by* operators. btw, the ietf/atlanta net will be run by operators. if you would care to discuss how to make the wireless safer, we're all for it. but do not be fooled that it is an easy problem. e.g., wep is a joke, and is very hard to get people to set up. randy
Current thread:
- Re: Whitehouse Tackels Cybersecurity, (continued)
- Re: Whitehouse Tackels Cybersecurity Steven M. Bellovin (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Jared Mauch (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 18)
- Re: Whitehouse Tackels Cybersecurity batz (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Brad Knowles (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Sean Donelan (Sep 19)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 18)
- Re: Whitehouse Tackels Cybersecurity Iljitsch van Beijnum (Sep 20)
- Wireless insecurity at NANOG meetings Sean Donelan (Sep 21)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 21)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 21)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Richard A Steenbergen (Sep 22)
- Re: Wireless insecurity at NANOG meetings Iljitsch van Beijnum (Sep 22)
- Re: Wireless insecurity at NANOG meetings Kevin Steves (Sep 22)
- Re: Wireless insecurity at NANOG meetings Joel Jaeggli (Sep 23)
- Re: Whitehouse Tackels Cybersecurity Steven M. Bellovin (Sep 18)
- Re: Wireless insecurity at NANOG meetings Randy Bush (Sep 22)
- Re: Wireless insecurity at NANOG meetings Sean Donelan (Sep 22)
- To late to add a Sunday Tutorial, base on MERIT data. Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)
- Re: Wireless insecurity at NANOG meetings John M. Brown (Sep 22)