>I agre security is sadly lacking, but it is probably impossible to
>implement in a conference environment.
Look this is a very simple issue. Sean's first post really pointed out that it's "bad
form" for a set of operators to run an insecure network. I would believe that it's
"good form" to at least try. It was stated that the network was not run by the
"operators". OK, I accept that, but it's run by people with great (actually
fantastic) connections to real operators (ie: us).
WEP may not be a good protocol, but it's better than nothing. If people thing it's
hard to configure, then run two networks.. one without WEP and one with WEP.
Security is a relative thing... Normally security at the door to the nanog conference
hall is "low", but that does not seem to bother many people. (Hence security at a
"wired" locations within the conference is "low" making the WEP issue mute).
I would be happy to run on a wireless network with a specific SSID and no SSID beacon
with a static WEP key. (I don't have LEAP, or other protocols on my laptop). Does
this make my communications more secure? I don't know... Everything from my nanog
laptop is VPN'ed anyway... hence already end-to-end encrypted.
I believe that Sean brought up a good point and something worth working on.
Even an incremental improvement at this upcoming meeting followed by another
incremental improvement at the next meeting, etc. etc. will be a good thing.
BTW: WEP may not be a great protocol and people may believe there is a false sense of
security. If this worries you, then I would recommend a note placed on the nanog web
pages that states something like "all IP networking provided at the conference should
be considered insecure, etc.".
Martin
PS: As for bandwidth "stealing". Heck... looking at the stats for previous nanog's,
we are doing a poor job of using the provided bandwidth. I say... bring it on!
(legal traffic only --- of-course!).
