Mandatory wireless filtering
Thomas Ptacek | November 6th, 2005
From Eric Rescorla:
Even if you believe (which I don’t) that counties should be in the business of regulating people’s network security, there are two problems with this proposal. First, there’s no real evidence that open APs are the major threat to the security of commercial networks. After all, lots of intrusions happen over the Internet. The number of people who could potentially break into your system over the Internet vastly exceeds the number of people in the local area attached to your AP. And there’s no talk here of requiring businesses who don’t operate wireless networks to have firewalls.
Without contesting the spirit of his objection, I just want to point out that the impact of the Westchester proposal on network security is rather like that of mandatory egress filtering (outbound traffic must have plausible sources): it reduces the ability of attackers to use Westchester as a launching point for attacks on other networks.
I don’t believe that regulation will solve this problem, but it is fair to point out that open wireless APs are an important new means for attackers to get access to the Internet in the first place: much more convenient and much safer than stolen university dialup accounts.

