On 15/09/2014 03:59, Curtis Villamizar wrote: > Brian, et al, > > L2 never really was secure, regardless of whether we are talking about > enterprise or home networks, wired or wireless. Sure there was a > firewall in place, but the L2 and the subnet behind the firewall was > only as secure as the least secure device that ever connected to it. > Which is to say, not at all secure. I have yet to work at a > corporation since the mid-1990s that didn't at some point have IT > report that the local network was clogged due to a virus run rampant > behind the firewall. This has always applied to both wired and > wireless networks. > > Perhaps it is worse with wireless since any laptop or cell phone able > to connect is a potential breach that can be leveraged if L2 security > is assumed.
Precisely. Security is in reality always a relative term, and a network is roughly as secure as its least secure component. The point is that a non-secured 802.11 network welcomes MITM, so HNCP in particular needs to resist MITM (unless you are happy if the small print on the box warns against running non-secured 802.11). I don't think that MITM-resistance requires encryption, though - authenticated identity should be enough. Homenet in general needs to worry about DOS and surveillance allowed by weak L2 security, but that's a separate topic. Brian > > [So I'm agreeing with Brian, but pointing out that wired L2 was never > secure in the first place.] > > Curtis > > > In message <[email protected]> > Brian E Carpenter writes: > >> On 13/09/2014 17:40, Markus Stenberg wrote: >>> On 13.9.2014, at 5.50, Brian E Carpenter <[email protected]> >>> wrote: >>>> On 12/09/2014 22:23, Markus Stenberg wrote: >>>> ... >>>>> 1) Can we assume secure L2 and/or appropriate device >>>>> configuration by the manufacturer/ISP(/user)? (This is what I >>>>> can assume in my own home.) >>>> I'm not sure I fully understand this question, but certainly >>>> there a vast numbers of insecure home 802.11 setups. This is >>>> less prevalent than it was a few years ago, but it seems like a >>>> dangerous assumption if homenet-compliant kit is mixed in with >>>> older stuff such as wireless hubs that are open by default. >>> From my point of view, if you’re exposing part of your home network >>> via insecure wireless, only way to secure it would be to run mandatory >>> crypto over it both to hosts and routers. I’m not sure this is really >>> feasible either. Just securing router-router traffic (or parts of it) >>> does not bring significant benefit from my point of view unless you >>> also authenticate hosts in such a case. >> >> All true (as are the subsequent comments by Acee and Michael). >> But the fact remains that we can't assume L2 is secure in the >> normal case, which is a much worse situation than we traditionally >> assumed for wired networks. >> >> Brian >> >> >>> While securing HNCP in such a case would prevent some attacks on >>> in-home network auto-configuration, anything else (e.g. using home >>> resources, using home internet access, pretending to be uplink and >>> performing MITM, the list goes on) would be still possible and I do >>> not see the point. >>> >>> Cheers, >>> >>> -Markus. > . > _______________________________________________ homenet mailing list [email protected] https://www.ietf.org/mailman/listinfo/homenet
