[AusNOG] Wifi Security and Interception
Mark Andrews
marka at isc.org
Wed Jun 9 10:58:45 EST 2010
In message <6855B462D756004D9A700E875EF936B90D0515D3 at pwkcrkex1.pipe.pwk>, "Beva
n Slattery" writes:
> Anand,
>
> Just so we're clear here. You don't have a problem with someone sitting
> in the Qantas Lounge with wireshark recording all the communication
> happening at that location for say 2 weeks? You don't have a problem
> with someone sitting in the street near a recipient of your emails (say
> your parents street) where they foolishly have an open Wifi access point
> downloading photo's of your children that you sent to them?
>
> Interesting.
I don't use unencrypted channels to fetch / send my email. The MSA
I connect to uses encryption whenever it can and I have my MUA's
setup to abort the connection if it can't establish a secure channel.
They can sniff all they want but they won't see anything.
ISP's could do a lot to help here:
* Ensure that you support encrypted agents on your end.
* Publish HOWTO's which turn on encryption as part of the setup proceedures.
It really isn't that hard anymore.
* Don't offer unsecured web email.
* Ensure that your MTA's have certificates so they can do session encryption.
I wish it was possible to not offer unencrypted channels at all but
there are too many old clients out there.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the AusNOG
mailing list