This morning I read an article in which the writer thought that wireless security was too inconvenient and difficult, so he simply disabled it, leaving his network wide open. He was tired of his complex password being too hard for guests to use and made the comparison that they didn’t have to use these kinds of security measures when asking for a glass of water, so why go to all this trouble? He also didn’t seem to be all that concerned about his ISP’s “acceptable use” policy. I was beyond annoyed and left the following response:
Cool, could you send me your address too so that I can use your AP for hacking and pentesting? I get sooooo tired of war walking for an open access point. How about your email and banking passwords, because while I could MITM all your traffic and get those too, I’d rather not waste my GPU cycles or take the trouble to set up my Pineapple router.
Dude, you’re not only protecting your network from teenagers, but from Black Hats and douchebags who war drive neighborhoods looking for access points of uninformed schmucks who have weak or non-existent security. Your network bandwidth isn’t the same as water, because your confidential information traverses it, unless you equate network traffic to human waste and don’t much care who sees that either. Oh and could you leave your front door unlocked, because I’d rather sit on your couch and watch cable TV, than sit outside when I use your network.
Sure, like the others who posted messages, I could have brought up how to configure a guest network or maybe all the problems with SSL, but this guy is a tech writer and probably knows all this. The problem is that, like most security implementations, it couldn’t pass the n00b meter score for ease of use, so the guy finally gave up out of exasperation.
As security professionals, we spend way too much time in love with our solutions (and ourselves). We forget that average Joes and Janes have to use and understand them, and then we go into a kind of anaphylactic shock when we find out (horror) that a user has bypassed the measure because it’s too complicated and gets in the way of real life. While I’m not very happy with the obvious oversimplification the writer made, I’m going to remember to apply the n00b meter score to my next design.