Re: [AFMUG] Banks Law Enforcement over Wireless

[D. Ryan Spott]

Tell them you provide best effort security to secure YOUR service but 
you provide the same security as the cable/telcos do to end users. NONE.


Banks and Law Enforcement need to have their own IT staff create a VPN 
to secure their data regardless of the communications service they 
use... even if it not you!


Ask your insurance company if they will cover you and your *complete 
guarantee* of the security of private financial documents or crime 
victim data.


ryan


On 6/30/15 11:39 AM, Darin Steffl wrote:

Hey guys,

We're working with some local banks and law enforcement agencies to 
provide internet service to them and understandably, they're asking 
about security and if our fixed wireless service is secure enough for 
their service.


I usually respond saying we use hardware encryption (WPA2-AES) on all 
our links but that their data also runs over SSL or some type of 
encrypted tunnel between their devices and their servers. The bank for 
example is moving from hosting on-site and going to the cloud so 
they'll no longer store any user data at their branch but someone else 
hosts it. I'm sure they have an encrypted tunnel of some sort to 
protect their data so the medium whether fiber or wireless really 
shouldn't matter.


Has anyone dealt with banks or law enforcement agencies on the 
Wireless security issue and have any resources to provide them with 
a satisfactory answer?


Thank you

--
Darin Steffl
Minnesota WiFi
www.mnwifi.com http://www.mnwifi.com/
507-634-WiFi
http://www.facebook.com/minnesotawifi Like us on Facebook 
http://www.facebook.com/minnesotawifi



--
D. Ryan Spott | NGC457, llc
broadband | telco | colo | communities
PO Box 1734 Sultan, WA 98294
425-939-0047

Re: [AFMUG] Banks Law Enforcement over Wireless

[Faisal Imtiaz]

The bank for example is moving from hosting on-site and going to the cloud so 
they'll no longer store any user data at their branch but someone else hosts 
it. 

This is a bit of a sticky wicket. let me see if I can try to explain it.. 

If and when the Bank goes thru a Security Test / Audit, they are going to need 
SSAE-16 certification from all of their 'transport' providers. 

If you are providing them with an Internet Connection, and they can do what 
they please, then it becomes their problem. However if and when the Auditors 
ask for the SSAE-16 cert, and it becomes a must for the bank to have it, then 
you will loose... (SSAE-16 cert is not simple, easy nor in-expensive to get). 

As for Law Enforcement agencies, I don't have much info on what they require. 

Your Mileage may vary. 

Faisal Imtiaz 
Snappy Internet  Telecom 
7266 SW 48 Street 
Miami, FL 33155 
Tel: 305 663 5518 x 232 

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -

 From: Darin Steffl darin.ste...@mnwifi.com
 To: af@afmug.com, memb...@wispa.org, Principal WISPA Member List
 w...@wispa.org
 Sent: Tuesday, June 30, 2015 2:39:00 PM
 Subject: [AFMUG] Banks  Law Enforcement over Wireless

 Hey guys,

 We're working with some local banks and law enforcement agencies to provide
 internet service to them and understandably, they're asking about security
 and if our fixed wireless service is secure enough for their service.

 I usually respond saying we use hardware encryption (WPA2-AES) on all our
 links but that their data also runs over SSL or some type of encrypted
 tunnel between their devices and their servers. The bank for example is
 moving from hosting on-site and going to the cloud so they'll no longer
 store any user data at their branch but someone else hosts it. I'm sure they
 have an encrypted tunnel of some sort to protect their data so the medium
 whether fiber or wireless really shouldn't matter.

 Has anyone dealt with banks or law enforcement agencies on the Wireless
 security issue and have any resources to provide them with a satisfactory
 answer?

 Thank you

 --
 Darin Steffl
 Minnesota WiFi
 www.mnwifi.com
 507-634-WiFi
 Like us on Facebook