Slashdot Mirror

← Back to Stories (view on slashdot.org)

N.Y. County Mandates Wireless Security

Posted by ryuzaki0 on from the also-coffee-is-hot dept.

Mynister writes "CNN has an article about Westchester County NY forcing small business to use basic security on their wireless networks. From the article "The law also requires that businesses offering Internet access -- coffeehouses and hotels, for example -- post signs warning that users should have firewalls or other security measures.""

19 of 213 comments (clear)

  1. Not really security by flooey · · Score: 5, Insightful

    From the article:

    The law requires each business to install a firewall or change the default SSID, the name that identifies a wireless network, if the personal information stored has not already been encrypted.

    Umm...changing the SSID does nothing, in terms of security. If that's all that's required to satisfy this new law, I'm amazed.

    1. Re:Not really security by kryzx · · Score: 2, Insightful

      Let's also require that all vehicles have a red blinking light on the dashboard any time the owner is not in the car. But it's your choice on whether to lock the doors or leave the keys in the ignition.

      --
      "I don't know half of you half as well as I should like, and I like less than half of you half as well as you deserve."
    2. Re:Not really security by Abcd1234 · · Score: 4, Insightful

      So why pass a law in the first place?? Just start a public information campaign. Send fliers, broadcast commercials, that sort of thing. Laws should be our *last* resort when trying to deal with any sort of issue, and that includes technical ones.

    3. Re:Not really security by MobileTatsu-NJG · · Score: 2, Insightful

      "So why pass a law in the first place??"

      Because I don't want my credit card info stolen due to negligence from a company that's supposed to be holding my data securely.

      "Laws should be our *last* resort when trying to deal with any sort of issue, and that includes technical ones."

      Normally I would agree, but not this time. If my cc company were broken into because they had an insecure wireless router, I'd want to nail their asses to the wall as well as the person who stole in the first place. We're talking about securing sensitive data, here, not Joe Schmo sitting in his house playing quake over the wlan.

      --

      "I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)

    4. Re:Not really security by MikeFM · · Score: 2, Insightful

      What about the number of busineeses brilliant enough to put network ports in places that are open to the public? I've been able to jack in my laptop in hallwalls, waiting areas, and even outside of many businesses and government offices. What about fully wired PC's running Windows that get infected, hacked, or otherwise owned?

      It seems to me that busybody laws about specific technical choices aren't a good thing. Better to just make a general law about liability of businesses for leaked personal or financial information. Make them fully liable for all damages and throw in a hefty fine. Who cares how the information is leaked? If your lack of security hurts someone else then you should be liable. Maybe limit their liability and fines if they can document a good effort at securing that information. Not just having a security policy either - something solid such as daily security patches, virus scans, having proper firewalls, etc. I'd be tempted to fine anyone running Windows but I imagine Microsoft would use their money to kepe that from becoming law.

      --
      At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
  2. Re:Hmmm by N3TW4LK3R · · Score: 5, Insightful

    I don't think they want to enforce it.
    They're just making this law so that the courts can blame someone in case of damages

  3. Secure by default by DrXym · · Score: 4, Insightful
    The Netgears of this world should ship their devices secure by default. The device should be set up to use encryption by default, using a random key (printed on the unit underside and a slip of paper) and the appropriate instructions to let the user figure the rest out.

    It can't be hard to do and with the appropriate marketing might shift a few more devices.

    1. Re:Secure by default by mapkinase · · Score: 2, Insightful

      How about: first connected node gets a wizard in its face obliging him/her to enter a secure mode?

      --
      I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
  4. Stupidity. by hyfe · · Score: 4, Insightful

    Next step is to draft and enact a law making it a criminal offence not to lock your door. Won't take long 'till the whole family is gathered, together again, in prison/workcamp. It'll be fun!

    --
    "" How about taking the safety labels off everything, and let the stupidity-problem solve itself? """
  5. Re:In other news... by twitter · · Score: 2, Insightful
    You might not have noticed that they just made free software use more difficult. You will, at the minimum get Kwifi going if you have more than one wireless network you want to use. That won't always work, because of all the different little "standards" used by equipment makers. Windoze users, of course, will have a harder time too, but they expect and travel less to begin with.

    It's not funny. Mandating "security" without mandating it be implemented with accepted and published standards is counterproductive. Half ass "security" measures like this do more harm than good. If they were really worried about securing personal information, they would outlaw keeping that information with an OS that has a 12 minute half life on any network. By enacting an admittedly useless precautions, they are enforcing the notion that security in general is nothing more than an inconvenience to the user.

    --

    Friends don't help friends install M$ junk.

  6. Not gonna happen by PeeAitchPee · · Score: 2, Insightful

    We live in an instant gratification-based society where a very large percentage of the population can't be bothered to do things like read instructions or even a slip of paper. If it doesn't work when it's plugged in and / or switched on, people assume it's broken and return it. And since the competing router comes with security switched off (and seems to "work" when powered up), the consumer translates that into well-thought Amazon reviews such as "WHAT A PIECE OF CRAP ... COULDNT GET TO WORK AFTER AND HOUR, TOOK IT BACK TO BESTBUY AND GOT THE LINKSYS NOUF SAID." That's really the only reason Linksys / Netgear / et al ship their stuff with security disabled.

  7. What type of security are they enforcing? by IntelliAdmin · · Score: 3, Insightful

    After reading the article, this line is of interest:

    "The law requires each business to install a firewall or change the default SSID, the name that identifies a wireless network, if the personal information stored has not already been encrypted. Penalties would range from a warning on first offense to a $500 fine on third offense."

    How would any of this help with the security of a wireless network. I did not see anything regarding the use of encryption - unless I missed it.

  8. hold on.. by eeeeee · · Score: 2, Insightful

    Unsecured RESIDENTIAL wireless networks have already been illegal in westchester county for about 6 months. These laws aren't made to be enforced, per se, they just raise awareness of wireless encryption for the average westchester county layman. Most non-technical people see encryption as an unnecessary hassle. This problem is even worse in Westchester, which is one of the wealthiest counties in the country, where people tend to not want to be bothered with things they deem too much of a bother. I set up networks all over the county and often hear "well I don't want to remember another 'password'" or "but then i'll have to call you when I buy another computer" or "why would anyone want to steal anything on my network?". It's a lot easier to reply with "Well it's county law" than to try to make the common sense/good practices/file-share liability arguments.

  9. law should and does allow unprotected networks by tech-law-ny · · Score: 2, Insightful
    The law in question has two distinct parts. First, if you're a business that stores personal information on a networked machine, and you have a wireless access point on this network, you must implement a security measure. The county's choices of security measures probably aren't the best, but the concept of requiring a security measure in this situation is reasonable.

    Second, if you offer Internet access to the public, you must post a sign suggesting that customers' personal machines implement a security measure. It's not necessarily the best way to protect customers, but a sign is a low-cost requirement and probably rarely burdensome.

    The law doesn't forbid offering unrestricted Internet access to anyone within range. This is a good choice. A person or business should be allowed to share use of an Internet connection, provided they are willing to take the risk that someone might use this connection to do very bad things. For example, you might want to offer your Internet connection to the (semi-)anonymous public by running both an unprotected wireless hotspot and a Tor exit node.

  10. He must be right - he used ALL CAPS by Dachannien · · Score: 2, Insightful

    Far be it from me to argue with someone so well-versed in the art of being louder than his opposition, but "separation of powers" refers to a model of government where the activities of the government are divided into multiple branches.

    Besides that, local governments could argue that the usable range of a wifi signal is very short, occurring fully within their jurisdiction. They could also argue that they aren't regulating the physical communications layer (the radio signal), but rather the configuration of the data link layer, which doesn't necessarily depend on transmission via wireless signal (even though, in practice, that's the only way it's communicated). While there is the potential for a battle up into federal court, I don't see it as being nearly as cut-and-dried as you do... unless you have some legal precedents you'd like to share with us.

  11. Re:Hmmm by driddle · · Score: 2, Insightful

    IMO if someone goes around turning people in for stupid things they are total scum of the earth. Maybe instead of looking at other peoples faults they should look at their own. I think the only time one should report people is when it is something that is gravely immoral (i.e, murder, rape, etc.) or dangerous to others, etc.

  12. Re:Hmmm by PhoenixFlare · · Score: 3, Insightful

    IMO if someone goes around turning people in for stupid things they are total scum of the earth. Maybe instead of looking at other peoples faults they should look at their own.

    The trouble is, a "stupid thing" to one person (usually the person doing the activity, oddly enough) is a major annoyance to another, and/or in some cases, against the law - noise issues are a good example.

    I'm sure the pothead I used to live under a couple years ago thought I was "total scum of the earth" after I called the police on his numerous violations of a town noise ordinance, and eventually got him evicted.

    People think the laws against silly things like noise pollution, parking in fire lanes, etc. are optional, but hey...Not liking a law doesn't excuse you from following it.

  13. Re:Hmmm by Babbster · · Score: 3, Insightful

    Nicely put. And in the example given up-thread, we're talking about jerks who were parked in places they shouldn't have been, spots that were presumably necessary for the orderly flow of a [mostly] government agency - our government agency. We'd probably be irritated if the government spent money adding a salaried employee whose only job was to check that parking laws around post offices were being followed, but we should be happy when someone is willing to take a little unpaid time to help fix things that need fixing.

    One wonders if the GP feels that neighborhood watch groups are the "scum of the earth" because they're trying to keep their houses, and those of their neighbors, safe.

    Just last night, there was a party across the street that started going wrong (a lot of people - more than 20 - screaming at each other outside). It was only about 10:00 at night on a Saturday but should I have felt bad because I called 9-1-1 to inform them that something very loud and concerning was going on in my neighborhood, even though I wasn't sure that any laws were being broken? Maybe I should have also felt bad that I called the police on my next-door neighbors when they were screaming and breaking things. Personally, I don't think so. I prefer to think that I might have averted something much worse by getting Portland's Finest out to check out what was going on. Or, maybe, I'm the "scum of the earth" because I'm getting involved in someone else's business...

  14. Re:Hmmm by Babbster · · Score: 2, Insightful

    Wow. Your definition of appropriate 9-1-1 use is pretty limited. Had I called the "non-emergency" number, perhaps there would have been more than a short fight (a fight did break out last night between the time I called and the police showed up) before someone got to me and eventually sent out a cruiser.

    As for husbands and wives fighting, again, what's the advantage of waiting until you hear a scream for help? Is it that perhaps the police officer who would eventaully come has a few more minutes to pull over somebody with a broken tail-light or going 45 in a 35 zone? Further, if you think that husbands and wives throwing and breaking things in their house during an argument is normal behavior, then I feel bad for your family. That sort of behavior is violent and I'd much rather have an officer arrive before someone gets a shiner (or much worse) than after. If the couple doesn't like that, then they're living in the wrong neighborhood. Perhaps moving next door to someone like you would be a good option...