That was one of my worries however you cannot connect the laptop to 2 networks at the same time, and you cannot setup a dedicated bridge without knowing my network details.outsiders being able to connect your network to the Internet via this AP using a simple network bridge
You could connect two laptops together with cable and put one on my network and the other on his but I dont think that is likely to happen.
I cannot think of any other ways that someone can get access to the internal network (unless I missed anything, I am all ears on this)via his AP because I would only have to make a quick call to the LEA and they'd go mental and that would do the trick with clueless management.
Agreed but we need to provide the stimulus!This isn't an issue that you should be looking for a technical solution for, its a management problem that the management should be dealing with.
I see, in the past I have found that informing/reminding the right people that they are ultimately responsible for child safety and the kind of newspaper headlines that would occur after an incident has focussed people's mindsOriginally Posted by blacksheep
Agreed but we need to provide the stimulus!
I think you really need to lock down your wireless settings.
The fact that this is the caretakers wireless network that is being connected to is, to my mind, a bit of a red herring.
I am sure there are many houses near to your school, any one of them could set up an unsecured wireless network. (It may be the case that once you secure the caretakers wirless one of the students that lives nearby will set up their own unsecured network!!) how would you go about dealing with this?
Yes always has been, you might be able to reboot and lose it and then maybe get in with cached settings or something. I havent actually tryed if I can get on the internet with one of my domain based laptops.You should also force the use of a proxy via GPO
I am doing that slowly because being up to the eyeballs in work I have only had time to do a GPO things for now.I think you really need to lock down your wireless settings.
If can see if the caretaker brings his wlan back on (he has just switched it off at the moment) and its remains unrestricted then I there is still the issue of pupils using the host of other devices available to get unrestricted access onsite and working out the one other way on the laptops. I have also a few laptops with local admin access (application reasons, plus one or two exceptions)
So lockdown is good, but that alone misses the point! There are no other APs been setup and not many houses nearby.
I dont know about you but if I spend a load of time locking things down to the hilt then all I get is complaints about why things are taking so long. So I tend to get things out secure but there is always some things that can be further tightened. TBH I still have better security than many of the schools I have been to around here (only been to a few) but you have to draw the line somewhere. Just another thing to keep up with..
Lets just see how it pans out, I will wait until some more stuff happens.
Last edited by blacksheep; 30th April 2009 at 12:13 PM.
set a policy to disallow changing of network settings on your latops....
then put a computer together to download as many films / files / images as possible on his connection so it goes over bandwidth and they cut him off.
he'll lock it down soon enough
Better than that, torrent some bomb making instructions down it.set a policy to disallow changing of network settings on your latops....
then put a computer together to download as many films / files / images as possible on his connection so it goes over bandwidth and they cut him off.
he'll lock it down soon enough
As far as I have looked wlan gpo settings are not as powerful as the ones for a LAN, in fact just the usual 'domain user' level is good enough for my LAN icon on the systray.set a policy to disallow changing of network settings on your latops....
With my GPO You cant add or modify them but you can click and connect from the list of 'found networks'.
LOLthen put a computer together to download as many films / files / images as possible on his connection so it goes over bandwidth and they cut him off.
Better than that, torrent some bomb making instructions down it.. Set something up out of the way and kick off some downloads. How about a script to google some common afghanistan type groups etc.
The persistent connection of torrent would work really well, as it will continously reconnect when available lol.
Think if I torrent, 1)l SLT action when they speak to him2) He sets it up proper
Should be a few months of connectivity either way
Or if you can get onto his network, means you probably can access one of his pc's (\\PC\c$)Seems pretty simple to me, get an old/scraped machine (with wireless, laptop?). Install a torrent downloader, make sure it is set to unlimited upload/download, get 5-10 very big legit (yes they do exist! full versions of various mmorpgs comes to mind) torrents, connect the laptop to his router and set the torrents off, either he'll get fedup and set encryption or even if he doesn't then the connection should be that hopeless that the kids will stop bothering with it.
Think of it as education by brute force
Put a shutdown script onto his pc in the startup folder of allusers.
He'll ask you to fix his pc then and you can negotiate with him ;P
I might of missed this in the thread but is the care takers property on the school grounds/owned by the school?
Last edited by p858snake; 30th April 2009 at 12:58 PM.
I'm assuming it's at the caretaker's house - they're often right next to the school.
Yes I was assuming that, if its his own house then thats a different matter
As I see this it doesn't matter if it's his house or school's house. If it's his personal home broadband that is unsecured it's his business (like it would be if the students were connecting to one anywhere with the vicinity). The fact he is an employee of the school is irrelevant - it's not a problem with his professional duties or his performance.
If you were to connect to it and interfere with his computers/setup torrent downloads etc you would be the one breaking the law.
It's not very smart for him having an unsecured network but I don't see as there is a lot you can do about it.
Although it might be a good idea to point out who's door the Police will come knocking if his internet connection is used for something illegal.
I didn't mean that they would use your laptops to gain access - what's stopping them popping a Linux-based laptop in a hidden corner? The caretaker is then providing the last 'hop' from the 'net to your network.That was one of my worries however you cannot connect the laptop to 2 networks at the same time, and you cannot setup a dedicated bridge without knowing my network details.
You could connect two laptops together with cable and put one on my network and the other on his but I dont think that is likely to happen.
I cannot think of any other ways that someone can get access to the internal network (unless I missed anything, I am all ears on this
his house or not, after school hours, he cant use the school internet, as it is deemed business use only. He probably got his own so that he doesnt need to muck around using the schools internet. Our caretaker did the same thing and as we get on well and do each other favours all the time, I set it up in around 10 minutes (includes 3 laptops and 2 desktops). He got me a bottle of scotch in return!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote