Friday, 7 October 2005

Broadband unites remotest schools. Pupils at Britain's two remotest schools are enjoying closer links with a new broadband access. [BBC News | UK News | Education | World Edition]
9:31:42 PM    

The Unreported Municipal Risk: Security and Google's Little VPN Play.

Glenn's broken record is: let's talk about security on the local link: I've written about this before, but it's worth repeating. None of the municipal Wi-Fi networks I've read about have any consideration for security over the local link. They all imply that there's either no security risk or those with interest in protecting their passwords for POP email and other unencrypted services use a VPN.

This explains Google's VPN experiment. If it's unreasonable to expect everyone on a muni network to use WPA Enterprise for username/password login and unique keys on the local link, or if it's impossible to have Wi-Fi bridges preconfigured with this authenticated method, then most users will be sending their data in the clear along with lots of passwords. (My co-authored Take Control of Your Wi-Fi Security ebook just out has a section detailing precisely the kind of data that's passed in the clear by default, and what's encrypted.)

The local link is the weak link because if the traffic is sent in the clear, an enterprising young thief just drives around, sucks down lots of data, extracts unencrypted POP passwords (which are often the same as a user's password elsewhere), along with anything else the user sends in the clear, and is off and running on fraudulent activity and identity theft.

In fact, it's so obvious that it's a given that the first time a large-scale unencrypted local link Wi-Fi cloud powers up, there will almost immediately be this kind of behavior resulting in criminal acts.

Thus the Google VPN. If Google runs the municipality and throws in not just free usage but also free VPN service, then it sidesteps security. If you ask Google about security if they win the bid for installing San Francisco's network, they'll say, we offer every visitor and resident a free VPN to bypass that problem.

Configured correctly, locally subnetted computers and other devices are still reachable, while all Internet resources pass through encryption.

I've made this argument before only to be told by people, who blame the victim and expect far too much, especially from the average currently unconnected user, that users should employ application-specific encryption methods, such as POP over SSL and SFTP. Yeah, right.

Securing the local link in a simple, free, and default method is the only way in which a municipal network won't become the basis of massive fraud.

[Wi-Fi Networking News]
4:35:30 PM