Why you should not run an Open Wi-Fi
Security Expert Bruce Schneier wrote a commentary on Wired yesterday where he admitted that he was using an Open Wi-Fi and that he could not see what was wrong with doing so. He refused to accept security reasons because he said that the computer had to be secured as well and that an Open Wi-Fi would essentially be the same as using Wi-Fi on airports or Internet cafes.
Filesharing did not seem to be a concern as well citing the probability of being caught in the act. He is not concerned about bandwidth stealing either, most likely because he has a flatrate.
I would like to respond to this. A low probability to get caught does not mean that it won't happen. This is my first concern. And the probability rises with every file shared on the Internet. I'm not sure about the law in America but I do know that you are responsible in many countries if a crime can be connected to your IP and that the excuse that you have been running an Open Wi-FI will not help you at all.
Besides file sharing we have the probability that someone is using the open Wi-Fi for hacking, blackmailing, trojans, viruses, child pornography or insults on forums. Depending on your location it could be highly unlikely that this is happening but I would never take this risk in first place.
Bandwidth is another aspect. If someone used all my upload speed to distribute files I would experience slow downs and could not use several applications that require a certain amount of bandwidth. It's not only about the amount of Gigabytes that you transfer, it's also about the impact on the system.
Only to help others out - with Internet - that you do not know ? If your neighbors need Internet so badly they could ask, can't they ?
Advertisement
2 options:
run a smoothwall (or similar firewall device) and have a separate open wifi network that cannot communicate with your network
OR
become a fonero!
@Dante:
Open WiFi != Unsecure Network != Compromised security of its computers and for sure != unencrypted connection to your invesment accounts.
@Martin:
I’d love to have more open WiFi’s around, since I usually carry a WiFi-enabled-mobile around, so it’s not just the neighbours.
Since I do know about the laws in your home country, I acknowledge your concerns though, cause if something does indeed happen, you’re toast *g*
The bandwidth-argument is an issue though. The efforts I’d have to pull to work around these are around those to secure my network, which leaves only Schneier’s “Do-Goodie”-aspect of the whole thing, against which there is no argument as such, except some pessimists grumbling.
Is it dangerous? Not if he puts the efforts saved securing his WLAN in securing his own computers. Is it illegal? Obviously not in the US. Plus, he can afford an expensive lawsuit or a good lawyer to start with, so he has indeed little to fear, even if his network would be by 0.little % percent used for a crime of any sort.
I guess this “security” expert doesn’t make too much money. Obviously he has no need to log onto any investment accounts while sharing his Open connection. Or he could be a choirboy at heart: grabs ankle and SHOUTS – I BELIEVE !!
Almost a year ago, Bruce Schneier asked in his blog if we really need a security industry.
“As I often do, I mused about what it means for the IT industry that there are thousands of dedicated security products on the market: some good, more lousy, many difficult even to describe. Why aren’t IT products and services naturally secure, and what would it mean for the industry if they were?”, Bruce Schneier
http://www.schneier.com/blog/archives/2007/05/do_we_really_ne.html
I think his opinion about making Wifi open consists with what he wrote. He is pushing people to train the warriors instead of relying on untrained warriors with a lot of shields around their bodies.
But the problem is that I have the feeling that he is somehow confused and cannot tell when the warrior’s body ends and when his shields start.
A law professor at the University of Dayton, Susan Brenner, wrote an article in her blog about this very subject. The comments are especially interesting, the long and short of it is that you probably aren’t criminally liable in the US if you open your WiFi, at least not for crimes committed by others. Check it the full article at:
http://cyb3rcrim3.blogspot.com/2007/12/criminal-liability-for-unsecured.html