North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Wireless insecurity at NANOG meetings

  • From: Martin J. Levy
  • Date: Sat Sep 21 19:51:04 2002

>I agre security is sadly lacking, but it is probably impossible to
>implement in a conference environment.

Look this is a very simple issue.  Sean's first post really pointed out that it's "bad form" for a set of operators to run an insecure network.  I would believe that it's "good form" to at least try.  It was stated that the network was not run by the "operators".  OK, I accept that, but it's run by people with great (actually fantastic) connections to real operators (ie: us).

WEP may not be a good protocol, but it's better than nothing.  If people thing it's hard to configure, then run two networks.. one without WEP and one with WEP.

Security is a relative thing... Normally security at the door to the nanog conference hall is "low", but that does not seem to bother many people.  (Hence security at a "wired" locations within the conference is "low" making the WEP issue mute).

I would be happy to run on a wireless network with a specific SSID and no SSID beacon with a static WEP key.  (I don't have LEAP, or other protocols on my laptop).  Does this make my communications more secure?  I don't know... Everything from my nanog laptop is VPN'ed anyway... hence already end-to-end encrypted.

I believe that Sean brought up a good point and something worth working on.

Even an incremental improvement at this upcoming meeting followed by another incremental improvement at the next meeting, etc. etc. will be a good thing.

BTW:  WEP may not be a great protocol and people may believe there is a false sense of security.  If this worries you, then I would recommend a note placed on the nanog web pages that states something like "all IP networking provided at the conference should be considered insecure, etc.".

Martin

PS: As for bandwidth "stealing".  Heck... looking at the stats for previous nanog's, we are doing a poor job of using the provided bandwidth.  I say... bring it on!  (legal traffic only --- of-course!).