Are the N.Y. County politicians crazy?

I was absolutely floored when I read this story about Westchester County in New York outlawing any Wi-Fi network that doesn't have some kind of "server to fend off Internet attacks."  I'm no legal expert, but I do know a technical fiasco when I see one and this would qualify as a fiasco on a monumental scale.

I was absolutely floored when I read this story about Westchester County in New York outlawing any Wi-Fi network that doesn't have some kind of "server to fend off Internet attacks."  I'm no legal expert, but I do know a technical fiasco when I see one and this would qualify as a fiasco on a monumental scale.

First of all, it isn't clear what this county law considers a "firewall" or "network gateway server".  Are they talking about firewall ACLs (Access Control Lists) that protect the internal network from outside intruders? Or are they talking about shielding the Internet from a hacker that would commandeer a Wi-Fi network as a platform for attacking other servers on the Internet?  If they are talking about blocking access to the Internet for things like SMTP mail or HTTP web access, that would make the Internet access useless.  If they're concerned about hackers using a hotspot to hack servers around the Internet, a firewall really doesn't offer any of the protections they seek since the network ports necessary for basic Internet functionality are the same ports used for hacking.  A network IDS (Intrusion Detection System) would be much more appropriate for preventing malicious activity, although I'm afraid to give these politicians in N.Y. any more ideas.

Second, this law would even pertain to open Wi-Fi access in a places like coffee shops where no servers, cash register or sensitive data is present.  The law even applies to businesses that already run secure wireless LANs using good encryption and authentication.  If a business wants to run internal firewalls or not on a SECURE NETWORK, that's their business and no one else's.  Hardening servers and running secure authentication protocols is much more important on an internal network than running some extra firewalls.  Using this "logic", why not mandate internal firewalls for all wired and wireless networks regardless of whether they are secure or not?

Third, the coffee shop or any other business running Wi-Fi would have to register their wireless LANs with the county within 90 days (which sounds like a permanent bureaucrat employment scam and power grab). With this type of regulation in place, the coffee shop that was giving away free Wi-Fi access might just throw up their hands and say forget it and close the Wi-Fi access down because they don't want to deal with extra firewalls and stupid government regulations.  Other businesses might just give up secure wireless LANs entirely not wanting to deal with the hassle.  Others might convert their existing secure wireless LANs in favor of the County-approved method of a "network gateway server" which would make them less secure that what they were doing.

The county seems to think running an Open Network with a network gateway server is better than running a secure wireless LAN in the first place, which is ludicrous.  These politicians know absolutely nothing about Information Systems and they're about to do a lot more harm than good.  If they were really so concerned about Wi-Fi security, why don't they implement a ban on any new Wi-Fi equipped product that doesn't support a minimum of WPA like the Sony PSP or any other WEP-only device.  Sony would change its tune rapidly and release the WPA firmware PSP.  Why don't they implement a global ban on the use of known insecure protocols like LEAP, PPTP, and WEP instead of picking on coffee Shops that doesn't need wireless security in the first place or companies that are already running a secure Wireless LAN?

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All