2
It seems like a network is considered to be secure by OS(or at least Windows) when the network has a password.
By secure, it seems to mean the data gets encrypted.
Can't public places just put WPA2 password on the network and tell people to use the password instead of just making unsecured hotspots? In that case, hackers can still get in the network but the data is encrypted, isn't it?
whiteSkar
Posted 2014-03-30T02:53:07.663
Reputation: 241
2
An open network requires no password to access, and no need to maintain or give out a password, making it simpler to operate.
Also, if the intent is to provide a convenience service to the public, it may be better to not have encryption, as it's clear signal that you, the end user, are responsible for securing your transmissions and not the access point operator.
There is no technical reason, i.e. unencrypted wifi has the same range and speed as encrypted wifi.
LawrenceC
Posted 2014-03-30T02:53:07.663
Reputation: 63 487
Only that "as it's clear signal that you, the end user, are responsible for securing your transmissions": no end user seems to bother. I think that right now 'no accountability on the side of the provider' will hold in court because it still seems not to many people know about this vulnerability, but this will change. Note that we are (only) playing a game here about "who's right" - from a technical/security standpoint there should be a password. – Jan Doggen – 2014-03-30T10:02:56.340
1
It may be a cultural thing as well. Here (in New Zealand), it is common place for places to have passwords on the WIFI which they give to their clients.
Don't mistake a password being required to connect to WIFI with a secure network, there is nothing secure about it. If someone knows the password they can compromise the network and machines on it (assuming they are running something vulnerable). Even if they don't know the password it is often easy enough to break it.
That said, having a password creates an artificial barrier to entry. There is a business model around a "catch and release" type system where you are allowed access to the network through a captive portal, which has adverts of the sponsors.
davidgo
Posted 2014-03-30T02:53:07.663
Reputation: 49 152
0
Actually, most WiFi hotspots are more secure than you think. AP isolation is commonplace and millions of web servers and applications deploy ssh/tls to secure endpoints. This means that locally you have no access to other hosts on the network and remotely your connections are fully encrypted. Try to scan your subnet and you will see that this the case for most spots.
Scandalist
Posted 2014-03-30T02:53:07.663
Reputation: 2 767
Because people would need to look for the password. The point of public hotspots is to be accessible anywhere. – Jon – 2014-03-30T02:56:11.070
So there is no technical side of why they don't offer secure hotspots? Is it only because of the accessibility? – whiteSkar – 2014-03-30T03:03:37.583
@whiteSkar yes, if they will use a password then it is not publicly available anymore, right? So if they will use a password and let the people know one by one then any hacker can get that password too in that case by asking them. The best way is use SSL like
Httpsinstead ofHttpfor your mail and bank accounts. – avirk – 2014-03-30T03:07:54.2972
Or use The VPN to secure yourself http://www.bauer-power.net/2008/07/setup-simple-vpn-server-using-windows.html
– avirk – 2014-03-30T03:08:30.870I mean yes hackers can get the password and execute attacks. But the data is still encrypted over the network, isn't it? Does this not provide at least one safety feature? – whiteSkar – 2014-03-30T03:18:31.917
1So what you are asking is why they don't provide link level encryption from your device to the access point independent of access control. Where as WPA2 conflates encryption and access control. What that would be is like using SSL to a web server but more on the level of using IPSEC to the access point. – Dan D. – 2014-03-30T03:33:40.847
hmm yea seems like that is what I mean. I am asking why they don't provide some encryption. I am okay with not providing us with access control because that's what "public" means. By this, hackers can still execute a lot of different attacks but the data I send over the data is encrypted. And I think this provides the best cost efficient safe feature since having a password on the network is a really easy step but data encryption is a really good thing. – whiteSkar – 2014-03-30T03:40:22.563
It is as simple as including the password in the name of the hotspot (Shop_Password_is_PW), or adding a 'Password=' remark to the 'Public Wifi available here' note on the window that's already there. – Jan Doggen – 2014-03-30T10:05:06.933
Yeah, mainly the problem is that WiFi systems don't implement the option (and your laptop might not know how to use it if they did). AFAIK, setting up encryption does not inherently depend on the password in any way. – Daniel R Hicks – 2014-04-01T02:06:26.020