Re: [fw-wiz] Discretionary WiFi Access

From: Jim Seymour (jseymour_at_linxnet.com)
Date: 07/21/05

  • Next message: Christine Kronberg: "Re: [fw-wiz] The Death Of A Firewall"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 21 Jul 2005 10:04:21 -0400 (EDT)
    
    

    Vinicius Moreira Mello <vmmello@inf.ufrgs.br> wrote:
    >
    > Jose Varghese wrote:
    > >
    > > Keeping it simple: Physical segregation and only Internet access
    >
    > Sorry, but I don't agree. If you deploy and maintain the network you'll
    > be liable for any legal action against you in case of misuse.

    Perhaps so, but irrelevant, in my view, because I feel responsibility
    trumps legal liability. IOW: Even were there no legal liability, it
    would be the height of irresponsibility to create an uncontrolled,
    un-monitored WiFi hot spot with unfettered access to the 'net.

    > Making
    > reality simpler is not the same as creating simple solutions.

    s/is not/is not necessarily/

    >
    > I would consider studying solutions #2 or #3 from John Adams's message.
    > There are some guides/howtos out there that show how to configure such
    > scenarios.

    The problem with those solutions is that not all clients will be
    supported by the newer WiFi protocols. Most 802.11b drivers don't
    support WAP, much-less 802.1x, for example. And even if they do
    support them, older implementations may need to be patched to get
    bug-fixes. Are *you*, the local network admin., going to take
    responsibility for patching a guest's PC? Then there'll be the
    administrative overhead in granting the guest access: Both server-side
    and client-side. For every visitor--coming and going. Are you, the
    local network admin., going to take responsibility for making
    configuration changes to a visitor's PC?

    Don't get me wrong: I agree that an open mode WLAN is a Very Bad Idea.
    But I don't see how John Adams' suggestions are practical, either.

    Am I missing something?

    Jim

    -- 
    Note: My mail server employs *very* aggressive anti-spam
    filtering.  If you reply to this email and your email is
    rejected, please accept my apologies and let me know via my
    web form at <http://jimsun.linxnet.com/scform.php>.
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Christine Kronberg: "Re: [fw-wiz] The Death Of A Firewall"