A well-written article that describes the MetroFi security issues and how the deployers address them.
A few quotes:
EarthLink is using this standard (WPA2/EAP) to secure its network for all users
MetroFi will offer it for premium users, those paying for service, but doesn’t plan to include it in their free, ad-supported version at the moment.
Kite plans to offer 802.1X as an add-on in the future.
The company (EarthLink) offers “a supplicant available for download for anyone.” They pay a licensing fee to distribute what’s known as an EAP-TTLS client.
(http://www.securew2.com/ is the only one I know, and it is the most popular, so IMO that’s what they pay for)
Walk-up customers to EarthLink’s networks can use a standard gateway page that doesn’t encrypt the local link
(two APs, two ESSIDs, no other way if “standard” devices want to access their network)
MetroFi’s CEO Chuck Haas said, “It’s (WPA/EAP) a lot easier today than it was three years ago. Mere mortals can get it working, and have gotten it working.”
(And he is probably right; it will take one day for a VB guru to create a wizard that does everything on its own to install the certificate and connect the device)
Kite has chosen to preconfigure its CPEs with a WPA2 Personal encryption key that requires no configuration by the user.
(similar to the FON approach, but depends on how random their PSK is)
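How much a preconfigured WPA2 Personal key protects can be put in numbers. The following is an added example, not code from the article or from Kite: it derives the WPA2 pairwise master key the standard way (PBKDF2-HMAC-SHA1, 4096 iterations, ESSID as salt) and compares the entropy of a few provisioning schemes. The scheme names, the ESSID "ExampleMuniNet" and all function names are constructed assumptions.

```python
import hashlib
import math
import secrets
import string

def wpa2_pmk(passphrase: str, essid: str) -> bytes:
    """256-bit PMK as WPA2 Personal derives it from passphrase and ESSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrase must be 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               essid.encode("utf-8"), 4096, 32)

def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a key drawn uniformly at random from the alphabet."""
    return length * math.log2(alphabet_size)

def generate_psk(length: int = 32,
                 alphabet: str = string.ascii_letters + string.digits) -> str:
    """Per-device passphrase from the OS CSPRNG, independent of MAC or serial."""
    if not 8 <= length <= 63:
        raise ValueError("length must be 8..63")
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Hypothetical provisioning schemes: (alphabet size, key length).
SCHEMES = {
    "8 decimal digits": (10, 8),
    "10 hex characters": (16, 10),
    "32 alphanumeric characters": (62, 32),
}

def report() -> dict:
    """Entropy in bits for each scheme, rounded to one decimal."""
    return {name: round(entropy_bits(a, n), 1) for name, (a, n) in SCHEMES.items()}

if __name__ == "__main__":
    for name, bits in report().items():
        print(f"{name:28s} {bits:6.1f} bits")
    psk = generate_psk()
    # The ESSID salts the derivation: same passphrase, different network, different PMK.
    print(wpa2_pmk(psk, "ExampleMuniNet").hex())
```

These figures hold only if each key really is drawn uniformly at random per device; a key computed from the serial number or MAC address has far less entropy than its length suggests.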
MetroFi recommends people keep virus software up-to-date, run at least Windows firewall, and make sure to only use SSL/TLS protected Web sites when passing personal or financial information, which is sound advice on any network.
(who reads that?!?!?)
So far, EarthLink, MetroFi, and Kite have no plans to offer a personal VPN.
Linton said that its retail ISP partners that resell access might offer VPN services for niche audiences.
(great, security and privacy only for fat wallets)
MetroFi, Kite, and EarthLink all stated succinctly that intra-node traffic is secured using strong encryption.
EarthLink is perfectly happy that the issue of security is being raised, perhaps because they have the strongest baseline measures in place of any company I’m aware of. “I’m really glad that this is getting the attention that it deserves,” said EarthLink’s Linton.
(so am I ….)