[AccessD] OT: Network over the phone lines

Frank Tanner III pctech at mybellybutton.com
Tue May 20 15:29:34 CDT 2003


My definition of "properly locked down" is that *NO*
machine that is not explicitly authorized, notice I
said machine, has access to the LAN.  Your
authorized account can be compromised.  It is very
difficult to compromise machine-specific security.
Pretty much all WiFi devices have the capabilities to
do this.  The security is based on the MAC address of
the network card.  Unless you know the MAC address of
an authorized machine AND that machine is not turned
on, it is very difficult to spoof that you are that
machine.

--- Bruce Bruen <bbruen at bigpond.com> wrote:
> Frank,
> 
> The school security is pretty good. It's just that we live so close
> that we can use their LAN via a proper authorised account as if he
> were in the schoolyard.  I was just having my POV that wireless
> "ain't all it's cracked up to be".
> 
> Bruce
> 
> -----Original Message-----
> From: accessd-bounces at databaseadvisors.com
> [mailto:accessd-bounces at databaseadvisors.com] On
> Behalf Of Frank Tanner
> III
> Sent: Tuesday, May 20, 2003 10:30 PM
> To: accessd at databaseadvisors.com
> Subject: RE: [AccessD] OT: Network over the phone
> lines
> 
> 
> You just agreed with what I said.  EXCEPT for one
> thing.
> 
> If properly locked down, nobody else can access your
> WiFi router.  It sounds like your son's school has
> theirs wide open.  Unfortunately this is normally the
> case.
> 
> You can TECHNICALLY have as many connections to a
> WiFi
> router as you'd like.  I never said you couldn't.  I
> said that they RECOMMENDED not having more than ten.
> 
> For the very reason you state.  Because, depending
> on
> the amount of data passing through the connections,
> the bandwidth gets useless VERY quickly.
> 
> Regardless, it sounds like your son's school needs to hire a computer
> security consultant.  For several reasons, pretty much all stemming
> from the unsecured WiFi routers.  Aside from the bandwidth issues,
> anyone accessing the school's network by using the router, pretty much
> has the same access as ANYONE else on the LAN.  Which means, unless the
> classroom is separated from the campus LAN, not likely it sounds like
> it, an intruder has "trusted" access to the INTERNAL campus LAN.  It is
> relatively trivial once "inside" like this, to gain access to
> proprietary and/or confidential data, including any locally stored
> school records.  Which could include student names, addresses,
> telephone numbers, etc.  Most people aren't aware of the fact that this
> information is protected by law and violation of this law is subject to
> criminal and civil penalties.  Your son's school is opening themselves
> up to a WHOLE big legal mess, not to mention a scary situation with the
> "world" having access to this confidential data.
> 
> I *HIGHLY* recommend that you, or one of the other
> parents, contact them about this.  If they won't do
> anything, I'd suggest contacting the school board of
> this district.  As a parent, I wouldn't want my
> children's contact information OR scholastic
> information available to pretty much anyone that
> drives by the school with a laptop computer.
> 
> It's a proven fact that most networks have LESS internal security
> than they do from the outside world.  Meaning that most entities
> build a nice big fortress to keep the outside world out, but once
> you're INSIDE the fortress, they left all of the doors unlocked.  So
> anyone getting into their fortress via this WiFi connection, has
> access to the inside of the fortress and all of its unlocked doors.
> 
> --- Bruce Bruen <bbruen at bigpond.com> wrote:
> > Re: not more than 10
> > 
> > At my son's school they are using wireless routers with much much
> > more than 10 connects.  We reckon up to 60 active sessions at a
> > time - AND up to more than 200 connect attempts per router at the
> > beginning of lesson.
> > 
> > Result - performance during the times that the kids try to log in =
> > absolutely useless!  Some can take up to 20 minutes of a lesson to
> > get a clean session negotiated - thus wasting most of the students'
> > and teachers' available time.  I estimate that the negotiated
> > connects never get any higher than 10mbps based on the experience
> > of my wife who teaches there and says that the school network speed
> > is less than our p2p 10 at home.
> > 
> > At my daughter's school they use mini 5 port hubs in the kids'
> > "work stations" (4 desks screwed together) and a cabled hub per
> > classroom (or at least 1 per pair of rooms).  Result - 10/100
> > connections in the same time it takes them to plug in their blue
> > worms!  For 1200 kids, connecting up to 6 times per day.
> > 
> > OTOH - as we live 300m by road from my son's
> school
> > and probably <100m
> > as the crow flies it does give him access to the
> > school (and the net)
> > without costing me a phone line!  But is this a
> good
> > thing - I think
> > not!  (who knows what evil lurks in the hearts of
> > pubescent web
> > surfers!)
> > 
> > So I suppose it depends on what you need to do with wireless.  If
> > you want it so you can cart the laptop out to the doghouse when you
> > are accused of ignoring your better half for a great AccessD debate
> > session, then I suppose it's great. But I reckon $15 worth of cat5 +
> > a weekend of blue language and a couple of beers is a lot better.
> > 
> > JM20CW
> > 
> > Bruce
> > 
> > -----Original Message-----
> > From: accessd-bounces at databaseadvisors.com
> > [mailto:accessd-bounces at databaseadvisors.com] On
> > Behalf Of Frank Tanner
> > III
> > Sent: Tuesday, May 20, 2003 12:20 AM
> > To: accessd at databaseadvisors.com
> > Subject: Re: [AccessD] OT: Network over the phone
> > lines
> > 
> > 
> > Yes, you can.  In fact I am considering this myself,
> > so that I can have network access in my back yard and
> > driveway areas.  Yes, I'm a geek at home too...ROFL
> > 
> > Cabling can get very expensive, unless you can do it yourself.  It's
> > not so much the cable that's expensive.  It's the labor.  It's a
> > b*tch to snake that cable through the rafters of the house and then
> > down the inside walls.  Especially if your inside walls are
> > insulated too, which most are anymore.
> > 
> > I was talking with one of the engineers at DLink, and they recommend
> > not using more than ten wireless devices per wireless router.
> > That's one of the reasons I could never fully network my house via
> > wireless.  I have too many network devices and will be adding more
> > as I automate my home via computer.
> > 
> > --- Rocky Smolin - Beach Access Software
> 
=== message truncated ===


