Brian, et al,

L2 never really was secure, regardless of whether we are talking about
enterprise or home networks, wired or wireless.  Sure there was a
firewall in place, but the L2 and the subnet behind the firewall were
only as secure as the least secure device that ever connected to it.
Which is to say, not at all secure.  I have yet to work at a
corporation since the mid-1990s that didn't at some point have IT
report that the local network was clogged due to a virus run rampant
behind the firewall.  This has always applied to both wired and
wireless networks.

Perhaps it is worse with wireless since any laptop or cell phone able
to connect is a potential breach that can be leveraged if L2 security
is assumed.

[So I'm agreeing with Brian, but pointing out that wired L2 was never
secure in the first place.]

Curtis


In message <[email protected]>
Brian E Carpenter writes:
 
> On 13/09/2014 17:40, Markus Stenberg wrote:
> > On 13.9.2014, at 5.50, Brian E Carpenter <[email protected]> 
> > wrote:
> >> On 12/09/2014 22:23, Markus Stenberg wrote:
> >> ...
> >>> 1) Can we assume secure L2 and/or appropriate device
> >>> configuration by the manufacturer/ISP(/user)? (This is what I
> >>> can assume in my own home.)
> >> I'm not sure I fully understand this question, but certainly
> >> there are vast numbers of insecure home 802.11 setups. This is
> >> less prevalent than it was a few years ago, but it seems like a
> >> dangerous assumption if homenet-compliant kit is mixed in with
> >> older stuff such as wireless hubs that are open by default.
> > 
> > From my point of view, if you’re exposing part of your home network
> > via insecure wireless, only way to secure it would be to run mandatory
> > crypto over it both to hosts and routers. I’m not sure this is really
> > feasible either. Just securing router-router traffic (or parts of it)
> > does not bring significant benefit from my point of view unless you
> > also authenticate hosts in such a case. 
>  
> All true (as are the subsequent comments by Acee and Michael).
> But the fact remains that we can't assume L2 is secure in the
> normal case, which is a much worse situation than we traditionally
> assumed for wired networks.
>  
>    Brian
>  
>  
> > While securing HNCP in such a case would prevent some attacks on
> > in-home network auto-configuration, anything else (e.g. using home
> > resources, using home internet access, pretending to be uplink and
> > performing MITM, the list goes on) would be still possible and I do
> > not see the point. 
> > 
> > Cheers,
> > 
> > -Markus.

_______________________________________________
homenet mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/homenet
