Wireless network security

[mdlbear]

This New York Times article (soul-sucking registration probably required) and this blog post that refers to it seem to have a wrong view of wireless networking:

There are two problems highlighted here, I think:

• We haven't done enough to make it clear why encrypting your wireless network is important.
• More importantly, wireless routers need to be secure out of the box. Users will not change their behavior unless the barrier for wireless network security is lowered as far as possible

Wireless networking is inherently insecure. I would much rather see wireless routers come out of the box with the wireless network wide open and just exactly as isolated from the wired network as the WAN port is. When I connect to an unsecured wireless network (and I won't allow any other kind in my house) I expect it to be exactly the same as connecting to the wild, wild Internet. I connect through a firewall on my laptop.

I'd go further and make it clear, legally, that an unsecured wireless connection is available for free public use. If you don't want the public to use it, encrypt it. Just as an encrypted network says "No Trespassing", an open network should say "public property -- please don't litter".

Comments

[aerowolf.livejournal.com]

I believe there was a court case in Pennsylvania that got someone out of a "unauthorized access to computing resources" charge, on the basis that the network is sending out beacons, waiting to be called -- which means that it's attracting people and devices to it, even though it's a nuisance. "Attractive nuisance" was the final ruling.

[eleccham.livejournal.com]

That's exactly how I treat it, although I am aware that my internal, wireless-side security is not where it should be; I've not ever had time to research setting up a Radius or whatever server on my Linux box.

But I don't encrypt my network 'cause I think it provides me security; I provide it because of folks like the guy who was walking past our house, when cerval happened to be sitting out front on her laptop, and replied, "Wow, they've got wireless here?" (In a friggin' trailer park, mind you!)
She replied, "No, I have wireless here."

[funkatron.livejournal.com]

Most things are inherently insecure. I can throw a rock through your window and get into your house if I really want to. That doesn't mean putting some effort into securing your homestead is a bad idea.

If you want to rely only on your capabilities to properly configure a personal firewall, that's your perogative. I didn't write that you shouldn't be able to disable security on consumer wireless equipment -- only that it should be much easier for the average user to secure his or her network. And personally, I'd rather take a multilayered security approach than rely on a single point of defense.

It sounds like you're confusing what works for you with what works for most people. You and I aren't most people. Most wifi equipment is sold to average joes who can't do anything you're talking about -- setting up a personal firewall properly, split their wifi and wired networks, and the like. If it works for you, great, but don't kid yourself into thinking you represent a company like Netgear or Linksys' core market.

[mdlbear]

You're undoubtedly right about the market, and as long as there's Windows we're probably stuck with the need for secure wireless. It would be nice to be able to configure a wireless router one way or the other, with separate filtering rules for the wireless and wired subnets.

Instead, I'm afraid what's going to happen is that they'll pass some stupid law to prohibit open public wireless networks altogether -- the telecoms and wireless ISP's would love it.