RE: CRIME Driveby DOS

From: Zot O'Connor (zot@private)
Date: Wed Oct 23 2002 - 11:49:32 PDT

  • Next message: scott ellis: "RE: CRIME Attack on the Internet Core"

    On Mon, 2002-10-21 at 17:10, Andrew Plato wrote:
    > While you might not be liable, you certainly could have to spend a lot
    > of time and money explaining yourself. Not to mention the bad PR you
    > might get if your network was taken over and used to attack somebody
    > else's network. 
    
    You are most likely liable in a "attractive nuisance" manner.  If people
    with pools have to protect the neighborhood kids from trespassing and
    failing to swim when immersed in water, then our court systems will most
    likely transfer responsibility to the people who own the network.
    
    This has not happened *yet* probably for two reasons:
    
    1)  No one was been killed by an insecure wireless network.  While
    sufficient high might do it, most precedents are set for heinous crimes
    and then the lowlife layers water it down to mean "anything that gets
    me, I mean my client money."
    
    2)  The state of security on the systems is poor.
    
    3)  Juries are not going to understand the issues.  One day though, they
    will understand "For little cost you *could* have secured your network,
    and you *chose* not too!  What kind of citizen are you!"
    
    
    
    
    
    > I have one customer where we devised a rather ingenious way to protect
    > their wireless network - we automatically power down all the gateways at
    > night and after business hours. 
    
    We've been preaching this approach for over a year now.  Few people are
    willing to take the time to do it, even though a $10 coffee pot timer
    will do the trick.
    
    We've even recommended this for years for firewalls.  If no one is home,
    no one is listening.  Mail should be outside anyway.
    
    
    > Coupled with host IDS, firewalls, and a
    > few other goodies, it's a pretty safe network now. 
    
    Just run the a VPN gateway behind the wireless segment.  Refuse anyone
    to go past it without the client VPN, and you are done.  Run WEP and MAC
    filters, if you can, just to keep the casual eavesdroppers off the net.
    
    Therefore you have
            a) Strong Authentication of the users.
            b) Strong Encryption of the data.
    
    You are now *better* than the wired segments.
    
    
    
    -- 
    Zot O'Connor
    
    http://www.ZotConsulting.com
    http://www.WhiteKnightHackers.com
    



    This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 12:38:37 PDT