
UNINTENDED INVITATION: ORGANIZATIONAL WI-FI USE BY EXTERNAL ROAMING USERS

UNINTENDED INVITATION: ORGANIZATIONAL WI-FI USE BY EXTERNAL ROAMING USERS. By Janice C. Sipior and Burke T. Ward From August 2007 / Vol. 50, No. 8 COMMUNICATIONS OF THE ACM Reporter: 99756020 曾政堯 Date:2010/11/01. Outline. Introduction Roaming User Vs. Organizational Perspective


Presentation Transcript


  1. UNINTENDED INVITATION: ORGANIZATIONAL WI-FI USE BY EXTERNAL ROAMING USERS By Janice C. Sipior and Burke T. Ward From August 2007 / Vol. 50, No. 8 COMMUNICATIONS OF THE ACM Reporter: 99756020 曾政堯 Date: 2010/11/01

  2. Outline • Introduction • Roaming User Vs. Organizational Perspective • Applicability Of U.S. Law To Roaming Use • Recommendations For Roaming Use • Conclusion

  3. Introduction “Wireless technology has opened the largest computer network security hole since the advent of modems.” The use of Wi-Fi networks is increasing worldwide, projected to reach 707 million users by 2008, according to Pyramid Research. In 2004, approximately 5% of Americans had wireless local area networks (WLANs) in their homes.

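  4. Introduction Paul Timmins and Adam Botbyl stumbled onto an unsecured wireless fidelity (Wi-Fi) network while looking for wireless access points in 2003. Timmins wanted to check his email on his laptop. He was routed to a corporate portal of Lowe’s. Botbyl then returned with Brian Salcedo to access Lowe’s corporate data center. Timmins was sentenced to two years of probation for checking his e-mail. Botbyl, regarded as an accomplice, was sentenced to two years and two months in federal prison, followed by a two-year parole period. Salcedo was sentenced to nine years in federal prison for conspiracy to transmit malicious data causing damage to computers, unauthorized computer intrusion, and suspected computer fraud.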

  5. Roaming User Vs. Organizational Perspective Roaming Users’ Perspective • Convenient Internet access: Mobile users connect through a wireless access point • Deliberate sharing: They likely view the signal as having fortuitously entered their airspace • Enhance information exchange: Convenience, timeliness, flexibility, and frequency expand public discourse

  6. Roaming User Vs. Organizational Perspective • Enhance products and services: Mobile commerce changes products and services • Raise organizational security awareness: The activity of wardriving • Add value to society: Having the only telephone in the world would be of zero value, but this value increases for each new telephone it can call

  7. Roaming User Vs. Organizational Perspective Organizations’ Perspective • Operational benefits: Including wireless email, Web browsing, and intranet • Economic cost: Organizations bear the financial cost of providing wireless service • Trespass: Roaming users may arrive uninvited to avail themselves of free Internet connectivity

  8. Roaming User Vs. Organizational Perspective • Violation of the Internet service provider user agreement: More roaming users could increase Internet use beyond planned levels • Violation of legally required security: Security cannot be guaranteed should uninvited roaming users arrive

  9. Roaming User Vs. Organizational Perspective • Security risks: Unauthorized roaming users can obtain proprietary data, passwords, and other organizational information • Security challenges of roaming employees: Employee use of public wireless networks can expose organizational communications to “man-in-the-middle” attacks

  10. Roaming User Vs. Organizational Perspective Roaming users’ and organizations’ views of Wi-Fi: * Roaming user: a roaming user who uses a mobile device

  11. Applicability Of U.S. Law To Roaming Use IS IT LEGAL? • Types of roaming Wi-Fi users • The legal protection of Wi-Fi use is unclear; it depends on intention and authorization • Federal law, state law and common law

  12. Applicability Of U.S. Law To Roaming Use • Cell 1 (Whacking): Intentional access of secured wireless networks • Cell 2 (Joyriding): Intentional access of unsecured wireless networks • Cell 3 (Accidental riding): Unintentional access of unsecured wireless networks • Cell 4 (Accidental intruder): Unintentional access of secured wireless networks • Wardriving and warchalking: Wardrivers are not a type of roaming user

  13. Applicability Of U.S. Law To Roaming Use Types of roaming users: * Access Point Use (intent of use) * Wi-Fi Network Security (network security)

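  14. Applicability Of U.S. Law To Roaming Use Applicability of U.S. law to roaming users: * CFAA: Computer Fraud and Abuse Act * ECPA: Electronic Communications Privacy Act * War driving is the practice of using a scanning program to search street by street for wireless access points.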

  15. Recommendations For Roaming Use • Security: Encryption software, firewalls, authenticating user devices, and virtual private networks for password protection • Periodic monitoring: Detect unauthorized devices, inappropriate communications, and signal leakage

  16. Recommendations For Roaming Use • Training and support for employee use: An enterprisewide wireless plan should provide standardization, allowing improved implementation, management and support • Roaming use: Wi-Fi network providers should be responsible for reasonably managing their resources and protecting against unauthorized use • Roaming users access only publicly accessible Wi-Fi

  17. Recommendations For Roaming Use Recommendations for roaming: [Figure labels: Organizations, Public Policy, Roaming Users]

  18. Conclusion • Unauthorized use can subject roaming users to civil and criminal liability. (Unauthorized roaming users may incur civil and criminal legal liability.) • Organizations are exposed to potential system disruption and degradation, increased costs, security risk, and liability to third parties. (Organizations may suffer system damage, increased costs, security risks, and third-party liability.) • National legislation, and ultimately a global solution, must therefore balance the competing interests of roaming users vs. the proprietary rights of organizational Wi-Fi network providers. (Nations must legislate to balance the interests of roaming users against the proprietary rights of organizations providing Wi-Fi networks.)

  19. Conclusion Conclusion: keep good intentions; what is free costs the most!!!

  20. THANKS FOR LISTENING.
