[Novalug] wireless available at meetings?
truegsegger at csc.com
Tue Jan 16 17:01:01 EST 2007
> If the key is dedicated for our use, or just guest use - it doesn't
> really matter? It would be a separate segment isolated from the core
> corporate network? All we would get would be (limited) internet
> access? And with a key, no random person at the outside would be
> invited inside?
All good points (and the net in the auditorium is, in fact, isolated
from CSC's Intranet--it wasn't always--and I'm pretty sure any attack
that would work here could also be mounted from the open Internet).
But you're asking that someone sign for an exception to policy and
assume a risk for no benefit to the signer. And CSC really hates
exceptions to anything.
> 1) We're not monitoring what each individual does. He could be
> innocently surfing or trying to hack internal resources.
Yes, but we'll have a known pool of suspects ;-)
Also, even a suspicion of cracking would permanently put an end to our
meetings at CSC, and none of us wants that.
> > * There's no explicit order forbidding it, and my buddies in
> > network admin are ok with it. No strangers involved.
> Got it; as long as nobody knows they won't get worried. I agree with
> you, no reason to rock the boat here. However, what we're basically
> saying is, that we're utilizing a "security hole" or oversight; but
> not abusing it. If that makes sense?
Yikes! No, that's not what I meant at all. Our own network admins
certainly care about security, and gave me this permission only after
a reasonable consideration of the risks. I'm confident they'd let us
use wireless, too (they did for years) but they don't have the
authority to grant exceptions to that corporate policy.
> I would however want to question the need to surf, while attending a
> presentation ... it doesn't seem very polite not to pay attention to
> the presenter.
That's a different subject from wired vs. wireless, and it looks like
a new thread is well under way.
More information about the Novalug