Re: [fw-wiz] Interlopers on the WLAN

From: Philip J. Koenig (pjklist@ekahuna.com)
Date: 11/06/02


From: "Philip J. Koenig" <pjklist@ekahuna.com>
To: firewall-wizards@honor.icsalabs.com
Date: Wed Nov  6 09:09:54 2002

On 5 Nov 2002 at 22:20, R. DuFresne boldly uttered:

> On 5 Nov 2002, Frank O'Dwyer wrote:
>
> > I think it ought to make a difference if an attempt has been made to
> > secure the network. Otherwise you are expecting people to read your mind
> > as to whether you intend the network to be private or not. For all its
> > faults, WEP is at least a fairly large clue that the network is intended
> > to be private.
> >
> > But if you haven't even turned WEP on, then who's to say whether your
> > network is supposed to be for employees only, or an access hotspot for
> > anyone who passes by. It's not like you left your door unlocked or
> > something, it's more like you hung a big orange sign on your door saying
> > "welcome!". The very fact that you're broadcasting the ESSID with no
> > security measures whatsoever could be reasonably construed as a public
> > invitation to connect.
> >
> > Similarly if you had a publicly accessible system which popped up
> > "welcome to the foo system" and logged you straight in with no password,
> > (rather than "this system is private property and unauthorised access is
> > not permitted", followed by a login prompt) then you would (and should)
> > have a tough time pressing charges against anyone who connected.
>
> What's interesting about this point, is there are a number of public
> access AP's in various cities/countries available, including many if not
> most all airports, at least here in the states. Thus, it seems perhaps
> there might well be a solid basis for those jumping into your open wlan
> that they in fact considered it a public access point. All the more
> reason to invoke WEP with the addition of Banners to announce the privacy
> of the wlan. Of course the importance of banners has long been argued in
> the security related lists.

So in regards to banners, I have a couple of questions/points.

First of all, while banners can be argued for as a good way of
ensuring "prosecutability" in a particular case, are there actually
many cybercrime laws that require such notification in order for a
violation of the law to take place? The California law I cited, for
example, certainly doesn't have this kind of prerequisite. (although
I'll admit it might make someone easier to prosecute)

Secondly, banners are perfectly logical and obvious on systems that
are open via telnet, ssh, ftp etc.. but on a WLAN that may just be
routing packets, I don't see a reliable way to guarantee anyone sees
a "banner" when all they're doing is routing packets. (yeah if you
assume all anyone wants to send/receive is http you could run an http
proxy, but that doesn't cover all the bases either)

Seems to me that ignorance is not a good defence for unauthorized
network access, and claiming you "didn't know who owned it" doesn't
seem to wash either. (if an interloper truly felt that permission was
needed, if they didn't have *explicit* permission - not just "WEP
isn't turned on" - then I'd argue they have no business hopping on.
The problem, seems to me, is that people assume if it's not locked-up
like Fort Knox with a bunch of guns at your head, it's "free for the
taking".

What I wonder about is this presumption that some arbitrary level
of security features enabled is what distinguishes "public" vs
"private". There certainly doesn't seem to be a consensus on that,
and absent a consensus it seems like a case of "blame the victim" to
me.

This new WiFi security feature (WiFi Protected Access, or WPA - an
early subset of 802.11i) shows some potential to solve some of this
stuff by A) creating a standard 802.11 authentication method and B)
eventually requiring the security features to default to "on"..
although the only clue as to when this might happen in the
documentation I've read is they say this will occur "someday". LOL.

In the meantime, it seems the most WLAN equipment comes out of the
box in default configuration with security turned off and it seems
like a big stretch to me when a network configured in that way is
automatically assumed to be "public".

--
Philip J. Koenig                                       
pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New 
Millenium


Relevant Pages

  • Re: [fw-wiz] Interlopers on the WLAN
    ... > So in regards to banners, I have a couple of questions/points. ... when your wlan allows others routes to do damage or DDOS others and they ... > network access, and claiming you "didn't know who owned it" doesn't ... > eventually requiring the security features to default to "on".. ...
    (Firewall-Wizards)
  • Re: commercials, DVRs, refrigerator breaks, etc.
    ... have to watch shows through a sea of banners. ... the Network 23 mentality regarding blipverts is not much more than 20 ...
    (alt.tv.tech.hdtv)
  • Re: The amazing disappearing VBA code
    ... It is all attributable to Access 2007's enhancedsecurity features. ... It is on a share network drive that everyone accesses. ... the user level after 30 minutes, the database closes for that user. ... restore. ...
    (microsoft.public.access.modulesdaovba)
  • Logon Failure
    ... Recent Security Features from Windows Update Site. ... My workgroup authentication could not work, ... on the Network could not be accessed. ...
    (microsoft.public.win2000.security)
  • Re: Network Bootable Floppy Disk for Win2003
    ... registry and disabled some security features. ... Phillip Windell www.wandtv.com "Mark Zhang" wrote in message ... > Anybody know where to find utility to create network> bootable floppy disk for shares created on win2003 network? ...
    (microsoft.public.windows.server.networking)