Mailinglist Archive: opensuse (1639 mails)

< Previous Next >
Re: [opensuse] Still think you WEP protection is sufficient for home use?
  • From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
  • Date: Wed, 4 Mar 2009 13:19:29 -0500
  • Message-id: <87f94c370903041019o7d286eebo71a9c29ee2556cfe@xxxxxxxxxxxxxx>
/Per


I don't know about in Zürich, but in the US I don't think the
liability is significant.

Are you talking about the liability of being investigated.

That's the part of the problem, yes.
There is however also a possiblity of an individual or a company being
accused of having facilitated an unlawful activity by a third party
without being an actual telecoms provider.  When you're not an ISP or
similar, all activity on your network is essentially your
responsibility.

Never heard of that in the US and I work in the field of computer
forensics. Meaning I know the law fairly well but IANAL.

If true, then every coffee shop, McDonalds, bookstore, hotel etc.
would have liability for the activities of their wireless users. That
just does not seem to be true, or they would not be offering wireless
connections.

One can certainly get pulled into an investigation, interviewed,
subpoenaed, issued interrogatories, etc. but not actual
responsibility.

Mind you in the US, if you become _aware_ of child porn(CP), you must
notify law enforcement (LE). I don't know the exact details, but
certainly if a corporate employee became aware of same, they would
have a legal obligation to notify LE.

Basically in the US CP is considered an ongoing crime, so even
attorney client privilege does not trump the legal requirement to
notify LE.

FYI: I'm aware of a situation where an apartment dweller had a wide
open wireless.  His neighbor used it to hack into his home PC.  And
then stored illicit images there.  When the police came, yes they
first arrested the owner of the PC.  Further investigation showed he
had nothing to with storing the images, so he was not convicted of
child porn activity.

Sounds like just the kind of thing that would be very difficult to deal
with: "I didn't download those pictures and I didn't store them on my
PC".

Agreed, but my wireless subnet is firewalled off from my other subnets
in exactly the same way that I firewall off the rest of the Internet.
And I have zero assets on the wireless subnet that someone could try
to hack. So physical proximity does not make it any easier to get
data from the unsecure subnet to my secure subnets.

In my case the wireless router has an actual routable Internet IP, so
it lives directly on the Internet. As expected the wireless router
does NAT,etc. but that is only to offer limited to anyone borrowing
my wireless.

My opinion for business need is that if you treat the wireless subnet
the same way you treat a direct Internet connection, then you should
be safe.

ie. connect the wireless to the unsecure Internet, not to the secure
side of your firewall. If you want wireless to be semi secure, then
create a DMZ and put it in there, but never connect it to a secure
network. Use VPNs etc. if you need connectivity.

/Per

Greg
--
Greg Freemyer
Litigation Triage Solutions Specialist
http://www.linkedin.com/in/gregfreemyer
First 99 Days Litigation White Paper -
http://www.norcrossgroup.com/forms/whitepapers/99%20Days%20whitepaper.pdf

The Norcross Group
The Intersection of Evidence & Technology
http://www.norcrossgroup.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >