On Sat, 21 Sep 2002, Richard A Steenbergen wrote:
Would WEP solve anything other than keeping the casual person on the street who doesn't know what NANOG is from getting free bandwidth for a couple days? I don't think so.
The trouble is that not using WEP looks like you're not bothering with the low level of security that's available in wireless. The fact that WEP only adds a 15 second - 15 minute delay to full access to the network both for legitimate and not-so-legitimate users means it offers more annoyance than security, but that doesn't alter the perception.
There are also people ssh'ing to personal and corporate machines from the terminal room where the root password is given out or easily available.
Are you saying people shouldn't SSH?
Clearly *SOME* NANOG participants aren't terribly security conscious. But are these the experienced network operators, or just the people who show up because someone at their company thinks its a network training camp?
The real question is: how far we want to go in protecting people against themselves? If the answer is: far, fine: then filter the wireless network for everything that isn't SSH, SSL or some kind of VPN. Otherwise they'll learn the hard way, just like why it's important to back up your files.
That's what the password board is for I guess.
Even more fun would be to scan for email headers and send messages back to the originator that the message is being read over insecure means. That should get some people's attention... However, I think it's dangerous to talk about how insecure everything is all the time. At some point, people are going to think it's no use to even try securing their stuff and just give up. It would be better to deliver a more positive message: if you use SSH, SSL and/or a VPN, you can do whatever you want over a wireless connection without running bigger risks than at home or at the office.