A few years ago I was hired as sysadmin of a school. The guy who had the job before me had no experience whatsoever so I basically had to rebuild the whole system (except the wiring). A few weeks after I finished setting up everything I saw something odd in the DHCP logfiles.
Line after line I saw iPhones, laptops and other mobile devices requesting (and receiving) IP addresses. I did implement a WLAN but it's secured pretty well. In fact you have to authenticate yourself with a certificate and AD username/password before the access points allow you to connect. I didn't think that the students (ages 11 to 19) figured out how to do that with their smartphones so I had to research a bit more where and how these devices got in.
I figured that the connections must have come from students of the university which is right across the street – but how?
After researching and reading logs from all the access points (to figure out if one of them is not configured properly) I went for a bottle of Coke which is next to the server room in the basement.
On my way there I noticed that one of the cleaning ladies was surfing from her private notebook. The thing is that only teachers and students have AD (Active Directory) access and so the cleaning staff couldn't have access. I asked her if she had a personal internet stick or how she was surfing. She couldn't answer – even if she had understood my language she probably wouldn't have been able to give me an answer so I took a look on my own and saw that she was connected to an access point called "Netgear"… I now knew that there was something really fishy.
All she could tell me was that the janitor had something to do with it so I asked him about this mysterious WLAN and he said that (hold tight) – in order for him and the other non-teacher staff to surf the web he connected a Netgear router he bought to one of the Ethernet cables in the PC room.
That was it – the complex certificate-based WLAN access security method was bypassed by the janitor's encryptionless and not-at-all configured Netgear router so he and the other staff could check their Facebook accounts.
This also enabled EVERY PERSON in a 50m radius to connect into the school without a password and have access to poorly configured printers, network shares and all of our servers. I didn't know if I should laugh or cry and all I could think of was "yep.. this is really going to be an interesting job".
via: [Thwack Community]