Contact Info

sean [at] coreitpro [dot] com gpg key

Mastodon

sc68cal on Libera

Public Wireless

I am lucky enough to live in Philadelphia and free public wifi has reached my house.

Now obviously I’m not going to exchange my WPA2 encrypted personal network for it. But there might be some people that might. What is worrying to me is the fact that these networks encourage bad habits. Normal users aren’t going to set up a encrypted SOCKS proxy, or a VPN to their home network. Not to mention, service providers aren’t going to go out of their way to address these security concerns.

Why do I say that? Well, it’s easy. It’s only after a Google search on the subject of security in municipal wireless networks did I actually find out that service providers like AT&T and T-Mobile, who manage most of the wireless hotspots actually provide downloadable VPN solutions. Google, who manages hotspots in California also provides a VPN solution.

From Red Herring “I Spy with Muni Wi-F”i

“VPN, WPA [Wi-Fi Protected Access, a new security specification] configurations on the laptops, etc.; how do you do that in a large city like New York or San Francisco?” said Mr. Hernacki. “How do you teach to that many users the many access points to connect to?” Those setting up muni Wi-Fi networks aren’t ignoring that challenge. Google was unavailable for comment. However, the company is offering secure private network software called Google Secure Access as a free download. Such an offering may take time to catch on with average users, said Mr. Hernacki. “Google has a clear, unencrypted network and wants people to use a VPN client if they want security,” he said. “That concerns me because expecting the average user to use VPN on their own is pretty difficult.”

So, you only find the security solution for public wireless, only if you know what the risks are. The public however doesn’t know or understand the risks.

But just because your not on the public wifi, doesn’t mean that you’re safe. There are plenty of private WEP networks, some only containing 64-Bit keys, which means it can be broken at the drop of a hat. If you’re still using WEP 5 years after it was broken, you’re even less safe than being on a public wifi. You’re trying to hide something with a encryption scheme that has been broken very badly. You’re attracting attention to yourself.

Others, however, believe that fears about security over muni Wi-Fi networks are overblown. “It’s high on people’s minds primarily because it is used as a tool of opponents of the muni networks,” said Craig Settles, author of the book, Fighting the Good Fight for Municipal Wireless. “The reality is that the networks in and of themselves when properly developed and deployed are no less secure than standard networks.”

There’s a flaw in this logic though. It’s one thing if a user sets up a wireless network in his house and either does not encrypt the traffic, or uses an outdated encryption protocol that is easily broken. That’s just one user.

On the other hand, when you have a municipality or private enterprise, consisting of professionals, who have decided that security is not a concern, who then proceed to endanger an entire city block worth of paying subscribers or taxpayers, you have a different matter.

The lack of any detailed discussion relating to security was troublesome,” said Brian Hernacki, an architect with security software developer Symantec’s research labs.

Indeed.