UNINTENDED INVITATION:
ORGANIZATIONAL WI-FI USE BY EXTERNAL
ROAMING USERS
By Janice C. Sipior and Burke T. Ward
From August 2007 / Vol. 50, No. 8 COMMUNICATIONS OF THE ACM
Reporter: 99756020 曾政堯
Date: 2010/11/01
Outline
• Introduction
• Roaming User Vs. Organizational Perspective
• Applicability Of U.S. Law To Roaming Use
• Recommendations For Roaming Use
• Conclusion
Introduction
“Wireless technology has opened the largest computer network security hole since the advent of modems.” The use of Wi-Fi networks is increasing worldwide, projected to reach 707 million users by 2008, according to Pyramid Research. In 2004, approximately 5% of Americans had wireless local area networks (WLANs) in their homes.
Paul Timmins and Adam Botbyl stumbled onto an unsecured wireless fidelity (Wi-Fi) network while looking for wireless access points in 2003. Timmins wanted to check his email on his laptop. He was routed to a corporate portal of Lowe’s. Botbyl then returned with Brian Salcedo to access Lowe’s corporate data center.
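Timmins was sentenced to two years of probation for checking his e-mail. Botbyl, deemed an accomplice, was sentenced to two years and two months in federal prison, followed by two years of parole. Salcedo, found to have conspired to transmit malicious data causing damage to computers, to have accessed computers without authorization, and to have committed computer fraud, was sentenced to nine years in federal prison.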
Roaming User Vs. Organizational Perspective
Roaming Users’ Perspective
• Convenient Internet access
– Mobile users connect through a wireless access point
• Deliberate sharing
– They likely view the signal as having fortuitously entered their airspace
• Enhance information exchange
– Convenience, timeliness, flexibility, and frequency expand public discourse
• Enhance products and services
– Mobile commerce changes products and services
• Raise organizational security awareness
– The activity of wardriving
• Add value to society
– Having the only telephone in the world would be of zero value, but this value increases for each new telephone it can call
Organizations’ Perspective
• Operational benefits
– Including wireless email, Web browsing, and intranet
• Economic cost
– Organizations bear the financial cost of providing wireless service
• Trespass
– Roaming users may arrive uninvited to avail themselves of free Internet connectivity
• Violation of the Internet service provider user agreement
– More roaming users could increase Internet use beyond planned levels
• Violation of legally required security
– Security cannot be guaranteed should uninvited roaming users arrive
• Security risks
– Unauthorized roaming users can obtain proprietary data, passwords, and other organizational information
• Security challenges of roaming employees
– Employee use of public wireless networks can expose organizational communications to “man-in-the-middle” attacks
Roaming users' vs. organizations' views of Wi-Fi:
* Roaming user: a roaming user of a mobile device
Applicability Of U.S. Law To Roaming Use
IS IT LEGAL?
• Types Of Roaming Wi-Fi Users
• The legal protection of Wi-Fi use is unclear; it depends on intention and authorization
• Federal Law, State Law and Common Law
• Cell 1 (Whacking) – Intentional access of secured wireless networks
• Cell 2 (Joyriding) – Intentional access of unsecured wireless networks
• Cell 3 (Accidental riding) – Unintentional access of unsecured wireless networks
• Cell 4 (Accidental intruder) – Unintentional access of secured wireless networks
• Wardriving and warchalking – Wardrivers are not a type of roaming user
Types of roaming users:
* Access Point Use: intent of use
* Wi-Fi Network Security: network security
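Applicability of U.S. law to roaming users:
* CFAA: Computer Fraud and Abuse Act
* ECPA: Electronic Communications Privacy Act
* War driving is the practice of using scanning software to search street by street for wireless network access points.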
Recommendations For Roaming Use
• Security
– Encryption software, firewalls, authenticating user devices, and virtual private networks for password protection
• Periodic monitoring
– Detect unauthorized devices, inappropriate communications, and signal leakage
• Training and support for employee use
– An enterprisewide wireless plan should provide standardization, allowing improved implementation, management and support
• Roaming use
– Wi-Fi network providers should be responsible for reasonably managing their resources and protecting against unauthorized use
– Roaming users should access only publicly accessible Wi-Fi
Recommendations for roaming:
Organizations
Roaming Users
Public Policy
Conclusion
• Unauthorized use can subject roaming users to civil and criminal liability.
• Organizations are exposed to potential system disruption and degradation, increased costs, security risk, and liability to third parties.
• National legislation, and ultimately a global solution, must therefore balance the competing interests of roaming users vs. the proprietary rights of organizational Wi-Fi network providers.
Conclusion: Keep good intentions; what comes free costs the most!!!
THANKS FOR LISTENING.