I'm a smart guy. I know a lot about Internet security. But I have limits on what I want to learn. I just bought an 802.11g rig - access point, wireless bridge, laptop. I've put the access point inside my firewall because that is what makes the most sense to me. So I go to enable WEP & MAC filtering - yes, it's not perfect, but I think it's good enough. What a pain! Linksys' interface has me type an ASCII passphrase which it turns into a random hexadecimal string. Kinda cool, but my driver on the laptop doesn't know about the ASCII convention, so I have to type the 18-character string. What a nuisance! And the usability is awful - I have about 6 different choices of the input format for the WEP key, why do I have to choose which one I typed? Can't it tell?

Then I go to secure all the machines inside my firewall, so in case someone breaks the WEP it's not a total disaster. Did you know that Windows XP enables "Simple File Sharing" by default? That's the kind without passwords. You can turn it off by opening the "Folder View" option - the one that usually controls the visual layout of folders. And then, once you've got "Complex File Sharing" on (WinXP Pro only, no WinXP Home), you have to go to every share and set permissions. Only the permission setting interface is confusing, and there's no easy way to configure permissions from the list of folders you're sharing. So finally I decide to turn off file sharing entirely. How do you do this? By going to the Network Connection for the LAN, and selecting "remove Windows file sharing". Seems sort of intuitive, only I still don't understand - does that just turn off my file sharing server, or does it disable the client too?

What a mess. We've got a long way to go on the usability of security.

techbad
  2003-01-23 08:00 Z