Comment Re:My question (Score 1) 201
"Is it up to Microsoft to require people to use secure passwords? Is it up to Oracle to require people with sensitive data to use the data encryption features of Oracle? Is it up to the postfix authors to require people to not run open mail relays?
As always, security is left up to those running the system. Similarly, wireless network security is up to those running the network. You can't force people to be secure. All you can do is strongly encourage it."
Certainly the responsibility is the individual user's. But frequently they don't know enough about it to know what to do or even how to find out what to do. And it can be worse than that.
When I got my DSL connection, the ISP (a major U.S. telephone company) sent me a modem/router with very basic instructions that said plug this wire in here and that wire in there. Nothing was said about wireless or encryption. However, I noted an antenna on the box and figured that was for wireless.
So I called the company's technical support to find out how to turn it on/off and how to set up encryption. The tech support guy told me not to worry, that the wireless was turned on by default. As for encryption, he said his company did NOT support encryption on wireless. After some pleading, he finally told me how to log into the router. But he would say nothing else, not even a hint on how to turn on encryption. (Since, at the time, I had no wireless devices, I simply turned off the wireless link. Subsequently, I acquired a laptop with wireless and figured out how to encrypt my traffic.)
The point of this is that even though I had the sense to ask how to make my wireless connection (somewhat) secure, the company was unwilling to provide any help and only after much pleading did they even provide a hint as to how I could control the thing. So even if an individual wants to take responsibility, it is not always possible.
As always, security is left up to those running the system. Similarly, wireless network security is up to those running the network. You can't force people to be secure. All you can do is strongly encourage it."
Certainly the responsibility is the individual user's. But frequently they don't know enough about it to know what to do or even how to find out what to do. And it can be worse than that.
When I got my DSL connection, the ISP (a major U.S. telephone company) sent me a modem/router with very basic instructions that said plug this wire in here and that wire in there. Nothing was said about wireless or encryption. However, I noted an antenna on the box and figured that was for wireless.
So I called the company's technical support to find out how to turn it on/off and how to set up encryption. The tech support guy told me not to worry, that the wireless was turned on by default. As for encryption, he said his company did NOT support encryption on wireless. After some pleading, he finally told me how to log into the router. But he would say nothing else, not even a hint on how to turn on encryption. (Since, at the time, I had no wireless devices, I simply turned off the wireless link. Subsequently, I acquired a laptop with wireless and figured out how to encrypt my traffic.)
The point of this is that even though I had the sense to ask how to make my wireless connection (somewhat) secure, the company was unwilling to provide any help and only after much pleading did they even provide a hint as to how I could control the thing. So even if an individual wants to take responsibility, it is not always possible.
