RE: CRIME Driveby DOS

From: Jere Retzer (retzerj@private)
Date: Wed Oct 23 2002 - 13:21:26 PDT

Next message: Zot O'Connor: "RE: CRIME Driveby DOS"

Previous message: Quinby, Kris (MED): "RE: CRIME Driveby DOS"
Maybe in reply to: Jere Retzer: "CRIME Driveby DOS"
Next in thread: Zot O'Connor: "RE: CRIME Driveby DOS"
Reply: Zot O'Connor: "RE: CRIME Driveby DOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

What does this say about the future of public "free" wireless networks?

>>> "Zot O'Connor" <zot@private> 10/23/02 11:49AM >>>
On Mon, 2002-10-21 at 17:10, Andrew Plato wrote:
> While you might not be liable, you certainly could have to spend a lot
> of time and money explaining yourself. Not to mention the bad PR you
> might get if your network was taken over and used to attack somebody
> else's network. 

You are most likely liable in a "attractive nuisance" manner.  If people
with pools have to protect the neighborhood kids from trespassing and
failing to swim when immersed in water, then our court systems will most
likely transfer responsibility to the people who own the network.

This has not happened *yet* probably for two reasons:

1)  No one was been killed by an insecure wireless network.  While
sufficient high might do it, most precedents are set for heinous crimes
and then the lowlife layers water it down to mean "anything that gets
me, I mean my client money."

2)  The state of security on the systems is poor.

3)  Juries are not going to understand the issues.  One day though, they
will understand "For little cost you *could* have secured your network,
and you *chose* not too!  What kind of citizen are you!"

> I have one customer where we devised a rather ingenious way to protect
> their wireless network - we automatically power down all the gateways at
> night and after business hours. 

We've been preaching this approach for over a year now.  Few people are
willing to take the time to do it, even though a $10 coffee pot timer
will do the trick.

We've even recommended this for years for firewalls.  If no one is home,
no one is listening.  Mail should be outside anyway.

> Coupled with host IDS, firewalls, and a
> few other goodies, it's a pretty safe network now. 

Just run the a VPN gateway behind the wireless segment.  Refuse anyone
to go past it without the client VPN, and you are done.  Run WEP and MAC
filters, if you can, just to keep the casual eavesdroppers off the net.

Therefore you have
        a) Strong Authentication of the users.
        b) Strong Encryption of the data.

You are now *better* than the wired segments.

-- 
Zot O'Connor

http://www.ZotConsulting.com
http://www.WhiteKnightHackers.com

Next message: Zot O'Connor: "RE: CRIME Driveby DOS"
Previous message: Quinby, Kris (MED): "RE: CRIME Driveby DOS"
Maybe in reply to: Jere Retzer: "CRIME Driveby DOS"
Next in thread: Zot O'Connor: "RE: CRIME Driveby DOS"
Reply: Zot O'Connor: "RE: CRIME Driveby DOS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Oct 23 2002 - 14:09:17 PDT