I thought some of you might like this little rant... or you might hate it. Either way, I'd love to hear your thoughts and I wanted to make you all aware of this law. It is going into full swing by October 2007 requiring that vendors meet the demands of the law.
I was about to go with the Big Brother Conspiracy Theory...but instead...
I think ...if the wireless equipment manufacturers want to survive , they have to KISS up. Keep It Simply Secure. The everyday consumer need not use CLI or GUI to configure security on his or her wireless device.
Auto configuration is a must... this method of typing in passwords and encryption keys is not efficient and can be confusing for even the professional.
There are several SOHO vendors that offer the Push-Button..One Touch Security. It (Auto Config) needs to reach into the enterprise APs and Wireless Switch/Controllers. I have seen and played with a vendor's AP that needs the latest version of Windows XP and service pack 2. It secures the device when the client connects as a Guest to the Guest SSID and to the Corporate with the Corporate SSID, with WPA-TKIP as security parameters.
You have to manually configure WEP and Radius.
CLI interfaces need to go away, and the interface should be simple like a plug and play devices, where the drivers are automatically detected.
New York (Westchester County) has it backwards... put it on the equipment makers , like they (federal government) did with the BIG tobacco and cigarrette industry.
My 2 cents worth.
Living in a rural area, my issues are necessarily as bad as might be found in the larger cites, but what I have seen is so many open pieces of equipment out there that is it is down right scarey.
While the California law presented might be a step in the right direction, the major problem currently is that the basic consumer has NO concept about anything wireless. All they know is that they want this product or that product and so be it. Trying to get them to even thing about security is TOO MUCH, INFORMATION OVERLOAD.
By the same token, many people don't understand that they just can't connect to some open system and use away. They have no clue that they are STEALING and if caught could face some harsh penalties.
The key in my book is trying to educate the resellers, customers, organizations, etc etc etc.
Of course then we could also agree that while education is the name of the game, it is probably the most difficult part of the problem.
I nominate all Wireless#', CWNAs, CWSPs, CWAPs, and CWNEs as ambassadors before Congress and the House of Representatives, eventually maybe even the United Nations to educate them on Secure Wireless Networks at the SOHO consumer level.
We will march on the National Capitol proclaiming 802.11i as the standard to follow. This will lead to National and Global Wireless Security Awareness. We will be issued a Nobel Peace Prize for our work.
Then I wake up.:)
Of course then we could also agree that while education is the name of the game, it is probably the most difficult part of the problem
On a serious note : you are right. VERY DIFFICULT!
I actually see laws like this creating a new market as well. In the past, technical things installed in the home (think HVAC, plumbing, electrical) have been implemented and maintained in larger part by professionals. Is the time coming when people will actually call techs to their home for their computers?
Don't get me wrong, I know we have companies that do that now, but I am from a really large family and so is my wife. I don't know of a single relative who has ever called them - they ALWAYS CALL ME!
We'll just have to wait and see...