Re: Hotel networks (Was Re: Security for the IETF wireless network)
2014-07-26 05:34:06Hi,
Assuming you didn't (because NOC doesn't tell us what to expect), how do you know you connected to the IETF network, and not some evil twin who is able to spell "ietf-1x" correctly in his AP config dialog?Would connecting to this evil twin network be worse than connecting to the plain ietf network, perhaps also operated by an evil twin?
Those two choices are equally bad indeed. The point is that we can do much better, with a few simple steps. And the IETF network has already gone 90% of the way by enabling 1X with RADIUS server etc. At that point, *not* going the few last steps doesn't make much sense. You don't stop running a marathon one mile before the end, just because "25 miles is pretty good, I don't need the rest". Or do you? Thinking about it, maybe the 1X network evil twin is worse than a plain open network even: when connecting to an open network, people (probably and rightfully) don't assume any confidence in the network they connect to. The 1X "enterprise security" label alone can easily make people think that it is more secure against all kinds of attacks and be more relaxed in their surfing/usage habits - while it's not, unless you take all the right steps. Greetings, Stefan Winter
0x8A39DC66.asc
Description: application/pgp-keys
signature.asc
Description: OpenPGP digital signature
| Previous by Date: | Re: Last Call: <draft-dukhovni-opportunistic-security-01.txt> (Opportunistic Security: some protection most of the time) to Informational RFC, Viktor Dukhovni |
|---|---|
| Next by Date: | Re: Clueless (was: Moderation on ietf(_at_)ietf(_dot_)org), Phillip Hallam-Baker |
| Previous by Thread: | Re: Hotel networks (Was Re: Security for the IETF wireless network), Randall Gellens |
| Next by Thread: | Re: Hotel networks (Was Re: Security for the IETF wireless network), Randall Gellens |
| Indexes: | [Date] [Thread] [Top] [All Lists] |