Home page logo
/

basics logo Security Basics mailing list archives

RE: Home wireless free hotspot
From: "Craig S. Wright" <craig.wright () Information-Defense com>
Date: Sat, 17 Apr 2010 17:06:58 +1000

First, listen to what Dave just said. Next, I am not your lawyer and nor do I want to act in this capacity.

Next, phone companies have a set of legislation that protects them. TOS agreements are contractual. They often do 
little to stop tortuous damage and do not hold against a third party not subject to the contract. 

Next, a TOS is worthless without consideration or if executed as a deed. 

The foremost dilemma with the study of electronic law is the complexity and difficulty in confining its study within 
simple parameters. Internet and e-commerce do not define a distinct area of law as with contract  and tort law. 
Electronic law crosses many legal disciplines, each of which can be studied individually.

In many cases, liability will depend upon how a court faced with a case of first impression analogises a particular 
Internet service provider to more conventional categories of information providers. For example, should the service 
provider be viewed as the equivalent of the telephone company, purely a conduit for information? This might be the 
right analogy for the telecommunications link provider, but clearly does not fit the publisher. On the other hand, if 
the provider is viewed as analogous to a publisher of a printed publication, there is a much greater exposure to 
liability.

Of particular confusion to the internet intermediary is the distinction between what is illegal and what is criminal. 
This, however, is not a distinction solely confined to electronic law. It is important to note that although many 
actions are illegal, they may not be criminal in nature. This is important as the evidentiary requirements in criminal 
cases are far stricter than in civil litigation. This is also reflected in the actions that the intermediary will be 
required to take, both to stop another party  who is involved in a criminal activity, and also counter to minimise the 
tortuous actions that they may be exposed to.

The US has introduced a detailed set of immunities is a part of the online copyright infringement liability limitation 
act [1] (contained within the Digital millennium Copyright act) in order to ratify the provisions of the WIPO Copyright 
Treaty [2]. These provisions provide immunity from prosecution to Internet intermediaries involved in the mere 
transmission of packets [3], who maintain automated cache Systems, who host third-party resources and those who provide 
search tools. There are conditions associated with these immunities. It is required that the Internet intermediary has 
a lack of knowledge of the transgression, but they do not receive direct financial benefit from it, and that they 
respect and do not try to bypass copyright protection technologies.

General immunity provisions have also been introduced within the US through the Communications Decency Act (1996) [4].  
This act introduced new criminal offences of knowingly creating, sending, transmitting or displaying of obscene or 
indecent materials to minors. This act introduced a number of “Good Samaritan” provisions permitting ISPs to introduce 
blocking or filtering technology while not becoming classified by the courts to be a publisher or editor. This allows 
an ISP to filter this material without assuming any responsibility for third-party content.

In the US, Congress has endorsed legislative protections for intermediaries from liability through defamation with the 
introduction of the Communications Decency Act .  In 47 U.S.C. §230, it is unambiguously positioned as regarding 
internet regulation  that the act introduced a series of “Good Samaritan provisions” as a part of the 
Telecommunications Act of 1996. This was tested in DiMeo v Max (2007),  in which the court found the defendant not 
liable for comments left by third parties on a blog. The plaintiff alleged that the defendant was a publisher of the 
comments hosted on the website but did not allege that the defendant authored the comments on the website or that the 
defendant was an information content provider. Under 47 U.S.C. § 230 (f)(3), the court determined  “the website posts 
alleged in the complaint must constitute information furnished by third party information content providers" and as a 
consequence immunity applied to the forum board operator. The Court upheld the dismissal of the suit.

The act, first passed in 1996  and subsequently amended in 1998,  has the apparent rationale of minimising Internet 
regulations in order to promote the development of the Internet and safeguard the market for Internet service.  The 
internet has consequently become so essential to daily life that it is improbable that the addition of extra 
legislation would intimidate service providers away from the provision of services at a competitive rate. 

In the US, 47 U.S.C. § 230(c)(1) provides a defence for ISPs stating that, “No provider or user of an interactive 
computer service shall be treated as the publisher or speaker of any information provided by another information 
content provider.”  This statute would seem  to afford absolute immunity from any responsibility. Contrasting the DMCA, 
the ISP or ICP could chose not to do away with material in the event that the ISP or ICP has tangible awareness of the 
defamatory nature of material it is in fact hosting.   Notwithstanding the focal point of this legislation having been 
towards liability for defamation, it has pertained to seemingly unrelated auction intermediaries, including eBay. 
Inside the European Union, judgments obtained in the courts of one state are enforceable in any other state included 
within the Brussels Convention. If not, a judgment in one state will be enforceable in another only where there is a 
bilateral treaty creating the provision for such reciprocal enforcement between them. Frequently, these treaties add 
formalities surrounding the enforcement process that offer the courts of the jurisdiction in which the defendant is 
situated prudence both as to a decision to enforce, or to what degree. It is consequently vital when deciding on a 
jurisdiction to bring suit to decide if any judgment obtained is enforceable against a defendant who may in effect be 
judgement proof.

NOW the Problems....
Not acting to correct a vulnerability in a computer system may give rise to an action in negligence if another party 
suffers loss or damage as the result of a cyber-attack or employee fraud. Given proximity [5], a conception first 
established in Caparo Industries Plc. v. Dickman, [1990] [6] and reasonable foreseeability as established in Anns v. 
Merton London Borough Council, [1978]  [7] A.C. 728, the question of whether there exists a positive duty on a party to 
act so as to prevent criminals causing harm or economic loss to others will be likely found to exist in the cyber 
world. The test of reasonable foreseeability has however been rendered to a preliminary factual enquiry not to be 
incorporated into the legal test.

The Australian High Court regarded a parallel scenario, whether a party has a duty to take reasonable steps to prevent 
criminals causing injury to others in Triangle Shopping Centre Pty Ltd v Anzil [8]. The judgment restated the principle 
established by Brennan CJ in Sutherland Shire Council v Heyman [9]. The capacity of a plaintiff to recover hinges on 
the plaintiff’s ability to demonstrate a satisfactory nexus (e.g. a dependence or assumption of responsibility) between 
the plaintiff and the defendant such that it gives rise to a duty on the defendant to take reasonable steps to prevent 
third parties causing loss to the plaintiff . Consequently, if a plaintiff in a case involving a breach of computer 
security could both demonstrate that the defendant did not in fact take reasonable measures to ensure the security of 
their computer systems (as against both internal and external assault), and they show the act of the third person (e.g. 
an attacker/hacker or even a fraudulent employee) occurred as a direct consequence of the defendant's own fault or 
breach of duty, then an action in negligence is likely to succeed [10].

Liability against an Intermediary, whether in the traditional view of ISP and ICP as well as that of employers and 
other parties remains a risk.

Civil Liability
The conduct of both agents and employees can result in situations where liability is imposed vicariously on an 
organisation through both the common law  and by statute.  The benchmark used to test for vicarious liability requires 
that the deed of the actor must have been committed during the course and capacity of their agency under the doctrine 
respondeat superior.  Principals’ liability will transpire when a `principal-agent' relationship exists. Dal Pont  
recognises three possible categories of agents:
(a)     those that can create legal relations on behalf of a principal with a third party; 
(b)     those that can affect legal relations on behalf of a principal with a third party; and 
(c)     a person who has authority to act on behalf of a principal.

Despite the fact that a party is in an agency  relationship, the principal is liable directly as principal as 
contrasting to vicariously, “this distinction has been treated as of little practical significance by the case law, 
being evident from judges' reference to principals as vicariously liable for their agents' acts” . The consequence 
being that an agency arrangement will leave the principle directly liable rather than vicariously liable.

Where the TOS is non-contractual. It can be argued that an agency exists. In the scenario supplied, the TOS is 
non-contractually based.

Direct liability for organisations or companies refers to the class of liability that occurs when it permits the 
actor's action. Lord Reid in Tesco Supermarkets Limited v Nattrass [11] formulated that this transpires when someone is 
"not acting as a servant, representative, agent or delegate" of the company, but as "an embodiment of the company" . 
When a company is involved in an action, this principle usually relates to the conduct of directors and company 
officers when those individuals are acting for or "as the company". Being that directors can assign their 
responsibilities, direct liability may encompass those employees who act under that delegated authority. The employer 
may be directly liable for the crime in cases where it may be demonstrated that a direct act or oversight of the 
company caused or accepted the employee’s perpetration of the crime.

The US case of Williams v America Online Inc [12], some of the difficulties that that may occur where demonstrated. In 
this case, Mr Williams started proceedings in Massachusetts stemming from a class action over the installation of AOL 
software. AOL asserted that the proceedings must commence in Virginia as the terms state Virginia was the exclusive 
jurisdiction or any claim. Mr Williams however argued that alterations to his computer came about before he agreed to 
the conditions. Mr Williams described the complicated process by which he had to "agree" to the conditions after the 
configuration of his computer had already occurred.

Further, Mr Williams demonstrated he was able to click, "I agree" without seeing the terms of service. This meant that 
the actual language of AOL's terms of service failed to display on the computer screen unless the customer specifically 
requested it, overriding the default settings. The court rejected AOL's assertions [13]. Although this was a contract 
case, the difficulties posed through the media add additional burdens to an already burdened system. So in this case, 
the license associated with the disseminated content was subverted by the ineffectiveness of the means of distributing 
it.

The 'karmic' nature of the wireless link precludes it's being covered under contractual provisions. At best, you would 
require a monitoring system and a means of responding to copyright violations, attacks etc. You are not a common 
carrier and just as with AOL [12], you cannot guarantee acceptance in any case.

If yo are looking for an opportunity to be liable for the actions of another, by all means go for it.

Regards,
...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd

PS, My LLM (Masters in Law) was on the topic of "The Impact of Internet Intermediary Liability" so I have some idea of 
the topic.


[1]  The Online Copyright Infringement Liability Limitation Act (OCILLA) is a portion of the Digital Millennium 
Copyright Act known as DMCA 512 or the DMCA takedown provisions. It is a 1998 United States federal law that provided a 
safe harbour to online service providers (OSPs, including ISPs, internet service providers) that promptly take down 
content if someone alleges it infringes their copyrights. Section 512 was added to the Copyright law in Title 17 of the 
United States Code (Public Law No. 105-304, 112 Stat. 2860, 2877).
[2]  The European Union's Electronic Commerce directive contains similar notice and takedown provisions in its Article 
14. In France, the Digital Economy Law ("Loi relative à l'économie numérique") implements this directive. In Finland 
"Laki tietoyhteiskunnan palvelujen tarjoamisesta" implements the directive.
[3]  The UK legislation, Statutory Instrument 2002 No. 2013, The Electronic Commerce (EC Directive) Regulations 2002 
states in section, “Mere conduit” is functionally equivalent to this provision.. 
[4]  Communications Decency Act (1996)
[5]  Proximity, a notion first established in Caparo Industries Plc. v. Dickman, [1990] 2 A.C. 605, is the initial 
phase of the assessment. The subsequent phase enquires as to whether there are policy considerations which would reduce 
or counteract the duty created under the initial stage. Mutually, the phases are to be met with reference to the facts 
of cases previously determined.  The dearth of such cases would not however avert the courts from finding a duty of 
care.
[6]  [1990] 2 A.C. 605
[7]  [1978] A.C. 728
[8]  Modbury Triangle Shopping Centre Pty Ltd v Anzil [2000] HCA 61.
  (1985) 157 CLR 424.
[9]  Dixon J elucidated how a “special relationship” of this variety may occur in Smith v Leurs (1945) 70 CLR 256. This 
case was derived from an indication of occurrences that entail a special danger and the control or of actions or 
conduct of the third person; See also [2000] HCA 61, para 140.
[10]  See: Clerk and Lindsell on Torts, 19th Edition (2006), Chapter 28, paragraph 28-05
[11] [1972] AC 153
[12] MARK WILLIAMS and another(1) vs. AMERICA ONLINE, INC. 2001 WL 135825 (Mass. Super., February 8, 2001)
[13]  "the fact the plaintiff may have agreed to an earlier terms of service for the fact that every AOL member enters 
into a form of terms of service agreement does not persuade me that plaintiff's ... have notice of the forum selection 
cause in the new terms of service before reconfiguration of their computers."

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dave Kleiman
Sent: Saturday, 17 April 2010 6:28 AM
To: security-basics () securityfocus com
Subject: RE: Home wireless free hotspot

**** Disclaimer: nothing I am stating here should be taken as legal advice, always consult with a licensed attorney in 
your jurisdiction!***


Reginald,

Really?  Maybe you should stop with the LOLs and do a little background on your topic.  Maybe you should not be giving 
legal advice, especially if you are not licensed attorney.  My guess is you have never been involved in a litigation 
matter and think it is very cut and dry?  Although the end results of all these cases are not decided for years, it 
seems it could tie you up in costly litigation for quite some time.  So although you may have a written agreement or 
even a protective law like the "The 2005 Protection of Lawful Commerce", it *may* not excuse your liability, you *may* 
end up in court with the judicial system deciding the outcome.


Just to show how your exampling is erroneous, for businesses (your example was gun manufactures/dealers) may feel they 
are protected by the 2005 Protection of Lawful Commerce.

"""Judge Weinstein lets suit against gun mfr proceed: A federal judge in Brooklyn ruled yesterday that New York City's 
lawsuit against gun manufacturers and distributors can go forward, despite new federal legislation devised to protect 
gun makers from such lawsuits.

The ruling, by Judge Jack B. Weinstein of United States District Court, was a significant victory for the city, which 
has argued that some gun makers and sellers know about the flood of handguns into the underground market, and have the 
power to minimize it by relatively simple means, but refuse to do so.

In his ruling, Judge Weinstein postponed a trial so the gun manufacturers could appeal.

Gun makers named in the suit include Beretta U.S.A., Browning Arms, Colt Manufacturing, Glock and Smith & Wesson.

The judge ruled that the new law, the Protection of Lawful Commerce in Arms Act, does not apply to the city's lawsuit 
because it falls under a narrow exception that allows lawsuits against the gun makers if their sales or marketing 
practices violate state or federal statutes."""


"""9 Gun Makers Called Liable For Shootings:   For the first time, a jury has found that gun manufacturers are liable 
for shootings with illegally obtained handguns because their marketing practices fostered illegal gun trafficking.

In a lawsuit filed in Federal District Court in Brooklyn, which legal experts called a test case for a wave of suits 
that have recently been filed against the gun industry, the jury found yesterday that 15 of 25 firearms makers named in 
the suit had been negligent. The suit was brought on behalf of victims in seven shootings. Of the 15 manufacturers 
found negligent, 9 were liable in at least one of three of the shootings -- two of them fatal -- in the New York City 
region in recent years.

The jury found that those nine manufacturers were collectively liable for the shootings -- even though it was not 
proved what brand of gun had been used in any of the cases -- because they oversupplied states with weak gun laws, 
which led to illegal sales in those with strict regulations, like New York.

The jurors found liability where it had determined that the companies' practices had been a ''proximate cause,'' or a 
substantial factor, in the shootings.""" - 
http://www.nytimes.com/1999/02/12/nyregion/9-gun-makers-called-liable-for-shootings.html


"""Bloomberg signs 4 gun-control bills - One measure would hold arms makers and dealers liable for deaths and injuries 
caused by illegal use of weapons:  A measure allowing the country's gun dealers and manufacturers to be held liable for 
deaths and injuries caused by the illegal use of their weapons in New York City was one of four gun-control bills 
signed into law yesterday by Mayor Michael Bloomberg.

"There's just no argument here, guns kills people," said Bloomberg during a signing ceremony in the Blue Room in City 
Hall. "It's time to get them off the streets."

One bill the mayor signed allows gun dealers and manufacturers to be sued if they fail to follow a "code of conduct" 
aimed at preventing guns from getting into the hands of criminals. The code will require these firms to abide by 
responsible sales practices, such as selling no more than one gun to a customer in any 30-day period.""" - 
http://infowars.com/articles/2nd_amendment/bloomberg_signs_4_gun_bills.htm



""In 1989, the Legal Action Project was created to change all that.  Since then, LAP attorneys have represented gun 
violence victims pro bono in courts throughout the country, establishing a body of law holding that those who 
manufacture, distribute and sell guns owe a duty to engage in their business responsibly, and they may be liable for 
contributing to criminal or unintentional shootings when they fail to do so.""   - 
http://www.bradycenter.org/legalaction/aboutlap


""Jurors trying to decide whether handgun manufacturers should be held liable for gun violence began their fifth day of 
deliberations Wednesday despite twice telling the judge they were deadlocked."" - 
http://www.cnn.com/US/9902/09/gun.lawsuit/index.html


http://articles.latimes.com/2002/sep/30/opinion/le-winterroth30


Respectfully,

Dave Kleiman - http://www.ComputerForensicExaminer.com - http://www.DigitalForensicExpert.com

4371 Northlake Blvd #314
Palm Beach Gardens, FL 33410
561.310.8801



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Reginald Wheeler
Sent: Friday, April 16, 2010 12:12
To: JayZee
Cc: martinez85 () att blackberry net; jlightfoot () gmail com; listbounce () securityfocus com; security-basics () 
securityfocus com
Subject: RE: Home wireless free hotspot

Lol... and SMH... It would turn out the same way it would if your were
in a Barnes and Noble in GA and did the same damn thing.  I wouldn't be
held responsible.  How do you think your phone service provider avoids
prosecution when some one gets caught doing something stupid while using
the service.  Terms of Use agreements save a lot of service providers
from very painful and expensive legal  and/or civil actions against
them.  This is per my lawyer.  As told to me it's kinda like the gun
industry.  The manufacture makes the guns and they are bought by
dealers.  The dealers then sell them to the end user.  None of them are
responsible for what is done with the gun once the end user agrees that
he will follow the letter of the law concerning the weapon that he/she
just purchased.  So if that end user shots someone the Dealer nor the
manufacture are responsible.  This same principle holds for service
providers that provide a service.  We are not responsible for the
illegal actions of a third party.    Hope this helps you to better
understand why I advised in the direction that I did.

Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net



-----Original Message-----
From: JayZee <octopush () gmail com>
To: wheeler90 () comcast net
Cc: martinez85 () att blackberry net, jlightfoot () gmail com,
listbounce () securityfocus com, security-basics () securityfocus com
Subject: RE: Home wireless free hotspot
Date: Fri, 16 Apr 2010 08:18:35 -0700

Sounds like an easy escape clause in general  - we all should probably
have one of those regardless of having an open AP or not.   Good for
White/Black/Grey hats alike.


Lets run an experiment!?  You sign a "terms of use", open your AP and
then we will get some local guys from 4Chan (those guys are up for
anything!) down there in GA to run their script kiddy/pedobear/other
"unmentionables" from your open AP for a while and lets see how that all
turns out?


An empirical test of this amazing loophole in paramilitary raids!


-Jay


________________________________________
From: Reginald Wheeler [wheeler90 () comcast net]
Sent: Friday, April 16, 2010 3:18 AM
To: Jay Vlavianos
Cc: martinez85 () att blackberry net; John Lightfoot;
listbounce () securityfocus com; security-basics () securityfocus com
Subject: RE: Home wireless free hotspot


Now I spoke to a lawyer shortly after all this started to with this
string.  I was advised that all is needed is a terms of use. Thanks
guys.


Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net






-----Original Message-----
From: Jay Vlavianos <jvlavianos () ecastnetwork com>
To: 'wheeler90 () comcast net' <wheeler90 () comcast net>
Cc: martinez85 () att blackberry net <martinez85 () att blackberry net>, John
Lightfoot <jlightfoot () gmail com>, listbounce () securityfocus com
<listbounce () securityfocus com>, security-basics () securityfocus com
<security-basics () securityfocus com>
Subject: RE: Home wireless free hotspot
Date: Tue, 16 Mar 2010 18:02:53 -0700


Um.... opening his wireless access point allows people to run a tor exit
node on their own... does it not?  As well as seeding torrents?  As well
as hosting warez?   As well as running a dyndns'd porn server?   As well
as hacking NSA servers?  As well as making all of your other neighbors
zombie DDOS robots?


He doesn't have to run the exit node himself, it only has to leave his
pipe for him to get the finger... right?


I think you are missing the _human_ aspect of this.  You are basically
saying


"Yes, you might be arrested and charged with child pornography,
humiliated in the local press and spend all of your life savings in a
court battle... but you WILL ultimately prevail and get your gear back
with an apology in the local news TV program so why not do it - THERE IS
NO CASE LAW!!! WOO HOO!!!"


Sounds a little stupid in that context doesn't it?  Does to me at least.








-----Original Message-----
From: Reginald Wheeler [mailto:wheeler90 () comcast net]
Sent: Tuesday, March 16, 2010 5:34 PM
To: Jay Vlavianos
Cc: martinez85 () att blackberry net; John Lightfoot;
listbounce () securityfocus  com; security-basics () securityfocus com
Subject: Re: Home wireless free hotspot


Dude the guy is not asking if it is safe to operate a freaking tor proxy
server.  He is asking if he set up something like what you would get if
you were to go to a freaking coffee shop.  Stop telling the guy he can't
do it.  Tell him the risk involved and tell him the best way to mitigate
those risk.  I know we have a bunch of IT professionals that are on this
mailing list.  The link that is provided talks of operating a proxy site
that can and will violate your ISP terms of use.  Now if you go through
the proper channels you can offer a wifi hotspot as a service.  You have
to speak to your ISP for the details of what you need to do.  So having
said that and now getting pissed with the level of incompetence that
many of my fellow IT professionals are showing I'm left wondering how in
the hell you got your jobs.  Now I am going to give Mr. Lightfoot this
advise please consult an IT professional that is well versed in wireless
networking and security.  This person will also be able to help you with
all of the legalities that you may run into with this project. Now for
everyone else we all have to think before we comment, not misrepresent
ourselves and do our best to leave our personal feelings about things in
our pockets when consulting someone on anything unless they ask for it.


Oh and P.S. a free to use wireless hotspot is not a Tor-Exit-Node.  Tor
meaning the The Onion Router is a piece of software that allows you to
route internet traffic for programs that use the internet through layers
of proxy servers in order to mask your IP address.  This has absolutly
nothing to do with a hotspot that will always carry the IP address that
is issued him from his ISP. So again Jay I have asked you to site case
law that will provide factual evidence that you can as a service
provider be held accountable for the actions that another person has
conducted on a network that has a Terms of use contract that has to be
agreed upon in order to access the network. This does not include the
fact that yes there is the inconvenience of having your equipment seized
for the sake of investigation.  You get it back.  Plus if you have
insurance and you do things the proper way.  You will be able to get a
replacement due to the fact that your now able to let your insurance
company know that your equipment was damaged in a criminal act and your
back in service.


Thank You,
Reginald Wheeler, Owner
A+, Networking+, MCSE 2003
1907 Hampton Dr.
Sandy Springs, GA 30350
Ph:678.615.2997
wheeler90 () comcast net\
Universal Systems Consulting LLC
Simplifying IT






-----Original Message-----
From: Jay Vlavianos <jvlavianos () ecastnetwork com>
To: martinez85 () att blackberry net <martinez85 () att blackberry net>
Cc: John Lightfoot <jlightfoot () gmail com>, listbounce () securityfocus com
<listbounce () securityfocus com>, security-basics () securityfocus com
<security-basics () securityfocus com>
Subject: Re: Home wireless free hotspot
Date: Tue, 16 Mar 2010 08:30:34 -0700


One only needs to read stories like the one below of a poor Tor exit
node operator to realize that you don't want -anyone- except yourself
on your own net connection.


That is, of course, if you need some excuse for your own activities
("I don't know man, I didn't download any softwarez- but maybe my
neighbor did!).


http://calumog.wordpress.com/2009/03/18/why-you-need-balls-of-steel-to-operate-a-tor-exit-node/






On Mar 16, 2010, at 7:32 AM, "Johnathan"
<martinez85 () att blackberry net> wrote:


How sweet of you...

Now matter how kind your intentions are, you may want to check the
terms and conditions of the agreement of the contract you hold with
your service provider.

You legally may not be allowed to do such a thing you are proposing.

You may be aware of this already, just wanted to put it out there
for others who may have the same mind set as you.

----
Johnathan

Sent via BlackBerry by AT&T

-----Original Message-----
From: "John Lightfoot" <jlightfoot () gmail com>
Date: Fri, 12 Mar 2010 15:10:40
To: <security-basics () securityfocus com>
Subject: Home wireless free hotspot

Hello,

I have a home wireless network that I'd like to make available to ne
ighbors
who need to borrow a connection from time to time.  Consider it karmic
repayment for the times I've had to borrow someone else's open
connection.
Of course, I'd like to do it securely, so I'm looking for some
advice.

My main network has a wireless router connected to the Internet,
with a few
wired connections to my home computers.  The main router's wireless
network
is protected by WPA, access control via MAC address, etc.  My
thought is I
would attach a second wireless router (Netgear) to a port off the main
router and leave it unsecured, using a second subnet, and block any
routing
between the two subnets, other than straight out to the Internet,
but I'm
not sure the best way to do that.

So, a few questions:

If I set up a second router with a subnet "subservient" to my
main router,
presumably it has to get an IP address within the address space of
the main
network, but how can I limit access to that network to only my
Internet
interface?

Would it make more sense for my secure network to be subservient to
the main
network, i.e. open up the main network and secure a secondary subnet
off it?

I also have a Secure Computing SG 300 Firewall/VPN appliance, could I
configure that help keep the networks separate and my home network
secure?
It's got a lot of nice features, but I'm not sure it would help
make my
configuration more secure.

This may be a very bad idea, so I'd also be happy to hear why
that's so if
it's true.

Thanks for any advice.


John Lightfoot




---
---------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs
an SSL certificate.  We look at how SSL works, how it benefits your
company and how your customers can tell if a site is secure. You
will find out how to test, purchase, install and use a thawte
Digital Certificate on your Apache web server. Throughout, best
practices for set-up are highlighted to help you ensure efficient
ongoing management of your encryption keys and digital certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
---
---------------------------------------------------------------------





------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your company
and how your customers can tell if a site is secure. You will find out
how to test, purchase, install and use a thawte Digital Certificate on
your Apache web server. Throughout, best practices for set-up are
highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.


http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------








------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------



------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]