Re: Wireless insecurity at NANOG meetings

[Iljitsch van Beijnum <iljitsch () muada com>]

On Sun, 22 Sep 2002, William Allen Simpson wrote:

> > but it adds annoyance for the intended users.  in the case of non-
> > techs, considerable annoyance.  and it gives negligible privacy.

> Randy has the best of intentions.  But I'm tired of the old saw that
> security adds annoyance.  I long ago gave up on a WG at the IETF when
> the members wanted to add security, but with *NO* configuration.

Well, if that's a possibility, then it sounds like the way to go.

> Sorry, any security requires a *SECRET*.

No way. If you have to depend on some information to remain secret in
order to reach your security goals, you can start counting down until your
security is breached because it will happen each and every time.
Confidentiality in itself is only one goal.

> I will agree that the security in WEP is almost useless, and have
> personally campaigned to change it for years.  But, it is still the only
> Access Control widely available.  So, it should be used, in addition to
> the better methods.

In this particular instance, the gain is incredibly small (you only keep
out non-participants for 15 minutes or so) and the annoyance is rather
large. Also, if you use WEP people may be under the misguided impression
their data isn't completely open to public scruteny.

If you really want the wireless network at a convention to be safe, simply
filter all clear-text protocols. That is much more inconvenient than
having to find the right WEP key, but at least it really helps.