Grifter

According to a new proposal being considered by a suburb of New York City, any business or home office with an open wireless connection but no separate server to fend off Internet attacks would be violating the law.

Politicians in Westchester County are urging adoption of the law--which appears to be the first such legislation in the U.S.--because without it, "somebody parked in the street or sitting in a neighboring building could hack into the network and steal your most confidential data," County Executive Andy Spano said in a statement.

The draft proposal offered this week would compel all "commercial businesses" with an open wireless access point to have a "network gateway server" outfitted with a software or hardware firewall. Such a firewall, used to block intrusions from outside the local network, would be required even for a coffee shop that used an old-fashioned cash register instead of an Internet-linked credit card system that could be vulnerable to intrusions.

Scott Fernqvist, special assistant to the county's chief information officer, said Friday that he thought "the law would apply" to home offices as well.

"It was just introduced; it's a draft," Fernqvist said. "We're hoping it's enacted early next year, but this can change."

The proposed law has two prongs: First, "public Internet access" may not be provided without a network gateway server equipped with a firewall. Second, any business or home office that stores personal information also must install such a firewall-outfitted server even if its wireless connection is encrypted and not open to the public. All such businesses would be required to register with the county within 90 days.
How hacking has evolved
Music downloads without the software
Live video news online? Think flying dinosaurs
Hey, you got your iPod in my Xbox 360
Previous Next

The proposal echoes a slew of bills in Congress and in state legislatures that are being considered in the wake of recent security problems involving Bank of America, payroll provider PayMaxx and Reed Elsevier Group's LexisNexis service. But the other proposals tend to follow approaches such as requiring notification of breaches or restricting use of Social Security Numbers--as opposed to regulating wireless links.

According to the Westchester proposal, public Internet access sites also would have to post a sign saying: "You are accessing a network which has been secured with firewall protection. Since such protection does not guarantee the security of your personal information, use discretion." Violations of any part of the law would be punishable with fines of $250 or $500.

Representatives from the county's information technology department drove around downtown White Plains, N.Y., with laptop computers and detected 248 open wireless connections in less than half an hour, the county reported. Half lacked "visible security" features.

http://news.com.com/Unsecured+Wi-Fi+...4194&subj=news

brtecson

I wonder how they're going to enforce that.

MrFatbooty

So for personal use, doesn't pretty much any router (i.e. a network switch + firewall combo, as opposed to a simple wireless access point) count as a "firewall-outfitted server"? And even with a plain WAP, as long as it's plugged in to one of the ports on a router, which is the firewall, wouldn't that count too? Sounds to me that as long as you have a router and turn the encryption on you'll be in compliance with the law, but they certainly didn't word it that simply.

Nightshade

I don't get why they are aking a big deal out of this.

If a person wants to leave their connection open for others to use it is their perogative to do so. I know lots of people who lock up their computers but leave the signal wide open and even boost it for others to use freely as long as they aren't whoring it or trying to hack in.

Something tells me the internet providers are trying to say it is ruining their profits or something like that.

James3370

i have my wireless setup to allow my neighbors to get on, but i have it setup on MAC address authentification to keep them from giving the WEP key to people i don't want to have access.

my biggest example i use to explain to customers as to why the should "care" if a neighbor or some random person pulling up outside can get on their connection is this......

"let's say somebody pulls up outside & gets on your connection. not a big deal you say??? how about if this person then sent a threatning letter to the president??? well guess who's IP that letter would originate from??? granted the FBI & secret service will be able to eventually figure out it didn't come from you or any of your computers, but trust me when i tell you that you really don't want the FBI & secret service to come knocking on your door investigating this cause when the do, they won't be very nice about it"

just my 2cents

Ochdx

It said unsecured network. Plain WAP is a security measure

MrFatbooty

I was referring to this part:

BonzoAPD

That is the friggen ghey county I live in.