Wi-Fi security? Don't need it!

[mdlbear]

Security expert Bruce Schneier, in a Wired article titled Steal This Wi-Fi, writes

Whenever I talk or write about my own security setup, the one thing that surprises people -- and attracts the most criticism -- is the fact that I run an open wireless network at home. There's no password. There's no encryption. Anyone with wireless capability who can see my network can use it to access the internet.

To me, it's basic politeness. Providing internet access to guests is kind of like providing heat and electricity, or a hot cup of tea. But to some observers, it's both wrong and dangerous.

He then goes on to explain why it isn't dangerous. I found it from this Techdirt post, but it's really nothing new: I've had an open access point at the Starport ever since I installed it.

It's very simple, really: everything wireless is treated as "outside the firewall" as far as anything inside, on the wired network, is concerned. It's behind a router that blocks outgoing port 25 (SMTP) to make life hard on drive-by spammers; everything else is open going out. Coming in from the big, bad Internet, nothing gets through except http, dns, and ssh. And from there to my wired network nothing gets in except http, dns, ssh, and ipp (so people can print, as long as they know the URL of one my printers). That's it.

Comments

Re: Dumb question time

[mdlbear]

"You don't leave your doors unlocked in the city, either, even if it is Seattle."

Don't know about you, but I have two doors on the front of my house: the screen door, which is just latched, and the front door, which has a deadbolt on it. It's not unusual for packages to get left between the screen and the door; if I had an enclosed front porch the screen door would be there instead.

I probably should use NoCatSplash on my WiFi to let guests know that it might be monitored (I know the Feds are listening, in any case -- AT&T owns the line). That's probably enough.

Re: Dumb question time

[technoshaman.livejournal.com]

I have the main outer door.... and a large covered area just outside of it, which can safely shelter packages as well as a recycle bin and at times various other stuff, and an old rural-sized mailbox across the street, which is great for having small packages mailed USPS. Although frankly, anyone who gets inside the outer gate had best have either a uniform that says "FedEx", "UPS", "USPS", or the like, an invitation, or a warrant. Anyone else is liable to find themselves on the business end of something either loud or pointy.

(In keeping with that paradigm, all my mail/web/etc. services are colo'ed offisite. :)

(And for the record, you and yours have a standing invite, just give us a little warning so if anything needs rearranging... :)