[OpenWireless Tech] Securing an OpenWireless.org Access Point
Tom Hanan
tom.hanan at switchcomputing.com
Wed Jan 14 13:03:52 PST 2015

Here is a short summary of many previous e-mails from contributors to
OpenWireless.org regarding best practices for standing up and securing
an OpenWireless.org SSID on an open access point.

I feel strongly that these "best practice" recommendations should be
incorporated into an OpenWireless.org "Best Practices" web page that
promotes reliable and readily available protection of OpenWireless SSID
"providers" from the inadvertent or intentional abuses of OpenWireless
SSID "Users" which may result in undesirable consequences from Six
Strikes ISPs, Copyright Trolls or poorly informed Law Enforcement agencies.

1) *Use a dedicated access point, on its own subnet, to stand up
OpenWireless.org access*. This "Ensures WiFi Password Protected
Equivalent isolation" between unencrypted OpenWireless Traffic and your
other encrypted & password secure Traffic and thus minimizes your
additional exposure by standing up an OpenWireless SSID. Using an old
access point you already have or buying a modern one with VPN tunneling
capability for <$15 will provide gracious providers of OpenWireless
access with the best possible protection against malicious abusers of
their hospitality with the least possible hassle from their ISP and
Copyright Trolls.

2) *Limit your exposure to your ISP's Six Strikes IP monitoring,
Extortion actions by Copyright Trolls or potentially unprovoked Law
Enforcement action by limiting ALL OpenWireless access via your IP
address to VPN*. Initially this requires that you set your OpenWireless
router's default setting to "Disable ALL Non VPN Tunneling". This simple
action will conceal OpenWireless traffic on your IP address from your
ISP and Copyright Trolls while also providing Safe broadband access to
savvy OpenWireless users with their own VPN accounts. In the future
OpenWireless router software should default to this configuration unless
manually changed by the OpenWireless "provider" to support the use of a
VPN account through which all non VPN tunneling traffic is routed.

3) *Upgrade your Router or Router Software to support routing of all Non
VPN Tunneling OpenWireless traffic to a No/Low cost VPN Lite or full VPN
service that you set up and/or pay for.* Future versions of the
OpenWireless Router software should include this feature as well as
automatically provide users with a list of No/Low cost VPN Lite and Full
VPN providers they can select from that currently support the router's
built-in VPN software. Note that the VPN Lite Services only protect
the user IP address from their ISP's six strikes policies and Copyright
Trolls. VPN Lite does not protect the security of OpenWireless users'
traffic. The only way an OpenWireless user can ensure their own security
is by using their own VPN!

Please feel free to respond with your own comments and suggestions on
how best OpenWireless can promote "best practices" which reliably
protect OpenWireless "Providers" from the threats documented on the
OpenWireless.org web site. I would especially like your feedback on the
use of IP masking VPN Lite technologies that could be provided free or
at very low cost to OpenWireless "Providers" wishing to protect their
Broadband IP address.

Kind Regards,
Tom
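
Added example, not part of the original e-mail or of any OpenWireless software: one way recommendations 1 and 2 could be expressed as a Linux `iptables-restore` ruleset on a router with a dedicated open-SSID interface. The interface names and the set of VPN protocols treated as "VPN tunneling" (OpenVPN on UDP 1194, IPsec IKE/NAT-T on UDP 500/4500, ESP) are assumptions.

```shell
#!/bin/sh
# Emit a FORWARD-chain ruleset for a dedicated OpenWireless access point.
# Assumptions (not from the e-mail): interface names are passed in by the
# caller, and "VPN tunneling" means OpenVPN (UDP 1194) and IPsec (IKE,
# NAT-T, ESP). DHCP/DNS served by the router itself live in the INPUT
# chain and are not shown here.

openwireless_rules() {
    guest_if="$1"   # interface carrying the open SSID (assumed, e.g. wlan1)
    wan_if="$2"     # uplink towards the ISP (assumed, e.g. eth0)
    lan_if="$3"     # private, password-protected network (assumed, e.g. br-lan)

    cat <<EOF
*filter
:FORWARD DROP [0:0]
# Recommendation 1: no path between the open subnet and the private LAN
-A FORWARD -i $guest_if -o $lan_if -j DROP
-A FORWARD -i $lan_if -o $guest_if -j DROP
# Replies to connections that were permitted below
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Recommendation 2: from the open SSID, forward VPN tunnels only
-A FORWARD -i $guest_if -o $wan_if -p udp --dport 1194 -j ACCEPT
-A FORWARD -i $guest_if -o $wan_if -p udp -m multiport --dports 500,4500 -j ACCEPT
-A FORWARD -i $guest_if -o $wan_if -p esp -j ACCEPT
# The private LAN keeps normal internet access
-A FORWARD -i $lan_if -o $wan_if -j ACCEPT
# Any other packet from the open SSID is logged, then falls to the DROP policy
-A FORWARD -i $guest_if -j LOG --log-prefix "openwireless-nonvpn: "
COMMIT
EOF
}
```

Piping the output of `openwireless_rules wlan1 eth0 br-lan` into `iptables-restore --test` checks the syntax without applying it; loading it for real replaces the existing filter table unless `--noflush` is given.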