… then it’s unmanaged and open to exploit.  As happened with a customer in mid-2004.

phonearticle The “batphone” rings and it’s one of our desktop support guys.

“We’re detected a wireless router plugged into the customers network, what do you want me to do?”

Wait 5 while I see if it’s authorised… (it’s not)
‘Unplug that sucker!’

Customer complaint rolls in, with justification as follows:

  1. It’s an executive PA who’s using the link
  2. We’re using strong encryption (they were not, it was WEP)
  3. We keep the encryption key closely guarded.

In the rush to fix an Executive PA’s LAN link, the customer broke their own security model.

With the backing of the customer’s security group, we said “It’s not being connected again.”

And the original problem was fixed next day.

Further reading:
WEP: Wireless security’s broken skeleton in the closet
The Batphone
How To Build Your Own Batphone

Bookmark and Share