Security Problems with Allowing Wireless Routers

[forsakenseraph]

A question regarding my other thread which got closed

Most ICT departments frown on (and rightly so) on people adding wireless routers to their networks. It makes things really screwed up, from a network admin's standpoint at the least.

What are some of the problems that come with allowing wireless routers on networks? I understand the need for some kind of tracking and accountability, but can't one login, and association of all traffic to that IP, which would be the router's, be enough?

--------------------------
Our forums policy allows general discussion of issues like this one in general.

We are Not allowing posting specific instructions of how to Brake the Rules of other Networks that do not belong to you.

You can agree or disagree with the college policies but you can Not ask here for instructions of how to go around these rules.

If the thread will "slide" into explanations about the actual configuration of such system I would have to delete and close this thread too.

Thank you for your cooperation

-Jack
Moderator

 

[dawks]

They're worried that if you add a wireless access point, random people will jump on the network, potentially with infected computers, and spread their virus's inside the network. Which could cause a whole ton of pain for everyone. Or a malicious user could gain easy access and start snooping around.
Yes they would have tracking/accountability, but that would only serve to punish. Who cleans up the mess afterwards?

While I'm not a fan of the admins closing such a benign thread, I will warn you, good network admins will be able to detect you sharing your connection with other devices. This can be grounds for termination of service. I wouldn't be surprised if some schools would justify expulsion for such activities as well.

 

[gsaldivar]

Unauthorized access to a company's networks and computer systems is a serious matter. I've seen individuals terminated and taken away in handcuffs for flouting a company's computing policy. Since the security of the entire network can be compromised with a single "weak link", it's the job of the systems admin to ensure that every device connected to that network is done so in a secure manner. Don't be the one who learns the hard way how far a company will go to protect access to its internal systems!

 

[Ghiedo27]

I understand the need for some kind of tracking and accountability, but can't one login, and association of all traffic to that IP, which would be the router's, be enough?

That's kind of backwards. You don't install a security camera on your door before you buy a lock for it. The first measure is always to prevent bad things from happening in the first place or at least try to.

And yeah, messing with your employers business is a great way to get fired.

 

[spidey07]

Not only that but it interferes greatly with their wireless network, can cause bridging loops, become a rogue DHCP server, all kinds of bad things can happen whenever any NON-IS network equipment is put on their network. The security concerns mentioned are the greatest risk however and biggest reason why it's strictly forbidden at almost any company.

Also modern wireless networks have the ability to not only detect that wireless router immediately, but to locate it or actively attack it and also shut it's network port down.

 

[unokitty]

Rogue Access Points -- All you want to know about.

If you are working on an Academic Network, you need to become familiar with their policies. It wouldn't be prudent to jeopardize your academic experience with some unauthorized experimentation.

If you can afford it, SANs offers an excellent wireless class. When I took the class Joshua Wright was the primary author. You might find his web site interesting. Willhackforsushi.com

Best of luck.
Uno

 

[forsakenseraph]

I never meant for this thread to be another way to get information about how to obtain unauthorized access. I was honestly curious was to what was the reasoning behind decisions such as those, since in previous situations, the network was never set up like this before.
Thanks for the warnings everyone, and thanks for the link Uno, that was specifically what I was wondering about.