Re: Hotel networks (Was Re: Security for the IETF wireless network)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

>>  Assuming you didn't (because NOC doesn't tell us what to expect),
>> how do
>>  you know you connected to the IETF network, and not some evil twin who
>>  is able to spell "ietf-1x" correctly in his AP config dialog?
>
> Would connecting to this evil twin network be worse than connecting to
> the plain ietf network, perhaps also operated by an evil twin?

Those two choices are equally bad indeed.

The point is that we can do much better, with a few simple steps. And
the IETF network has already gone 90% of the way by enabling 1X with
RADIUS server etc. At that point, *not* going the few last steps doesn't
make much sense.

You don't stop running a marathon one mile before the end, just because
"25 miles is pretty good, I don't need the rest". Or do you?

Thinking about it, maybe the 1X network evil twin is worse than a plain
open network even: when connecting to an open network, people (probably
and rightfully) don't assume any confidence in the network they connect
to. The 1X "enterprise security" label alone can easily make people
think that it is more secure against all kinds of attacks and be more
relaxed in their surfing/usage habits - while it's not, unless you take
all the right steps.

Greetings,

Stefan Winter

Attachment: 0x8A39DC66.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]