Re: Perhaps the most OBVIOUS question you will ever see.

From: Curious George (curious_at_spampoop.com)
Date: 01/29/05

    Date: Fri, 28 Jan 2005 18:36:17 -0500
    
    

    Dear Colleagues:

    In all of my years of posting to newsgroups I would have to say that the
    responses you all provided me are among the best I have ever seen. I thank
    you all so very much for your advice.

    To those of you who mentioned my excessive cross-posting, please accept my
    apologies but this total lack of security is something that has given me
    nightmares.

    To those of you who suggested that I publish the address of one of our
    parking lots, I would like to, if anything to prove a point, however, being
    that I am the poor slob who would be called upon to remedy the problem (and
    likely be the one who is blamed) it's not advisable.

    Now, without going into much fanfare (and to better respond to those of you
    who inquired), my boss is one of those people who thinks they know it all.
    My boss is a teacher and we are a school and every time that I have
    suggested that we secure our wireless network, my boss rolls her eyes as if
    I were crying wolf. The people who installed our WAPs said that we should
    have some type of security in place, but her thing is all about what happens
    if somebody comes in with a laptop and cannot connect. Of course I said
    that such a person would have to visit the IT department, but this has
    fallen upon deaf ears.

    The biggest problem is not with the fact that my boss knows precious little
    about managing a network and that the last time she was involved in any form
    of network management was sometime back in 1985, it is because she is
    adamant about her technical knowledge. It does not matter if 99% of the
    industry believes in something (for example, having SDLT tape backup
    devices) it's what she thinks works and does not. In short, she is
    completely ignorant.

    To be clear, I have no qualms about having a woman boss. What I have a
    problem with is somebody who is so adamant that they are right and I am
    wrong that it seems that no matter what I say, she will go against it.
    There are more issues here than meet the eye, but I had to draw the line
    when it came to the integrity of our data, not to mention what could happen
    if the wrong person got in.

    For those of you who mentioned that I should tread carefully, thank you. I
    already have my resume and cover letter updated for even if they turned
    around and changed all of the things that are totally wrong and dangerous, I
    cannot stay in the sort of environment where our administrators take the
    advice of somebody who clearly has precious little technical knowledge over
    the advice of somebody who comes in with recommendations from a plethora of
    experts.

    This being said, I thank those of you who graciously contributed to this
    thread and apologize to those who feel that my cross posts were excessive -
    regardless of these complaints, those of you who took issue with my
    crossposting also contributed good advice nevertheless.

    Thank you so very much for your time and advice.

    Curious George

    "Curious George" <curious@spampoop.com> wrote in message
    news:99hKd.1635$Vt6.340@fe10.lga...
    > Dear Colleagues:
    >
    > For the life of me I don't know why I have to ask this question since the
    > answer is so obvious, however, I need to have others tell me that I am not
    > completely insane.
    >
    > I work at a place where we have a myriad of wireless access points and NO, I
    > am not writing from there at present.
    >
    > NONE of the wireless access points has any form of security on them
    > whatsoever. No WEP, no CHAP. . . no nothing. Everything is open so you
    > could walk into our joint, grab an IP address and surf the web to your
    > heart's content.
    >
    > Here is the problem. My boss insists that it's "no big deal" and that since
    > the servers are on the inside and protected, we really don't have a thing to
    > worry about. Furthermore, my boss is under the impression that since we are
    > situated in a wide area, that nobody would be able to get into our network
    > because of this distance. Needless to say, my boss does not consider
    > somebody sneaking into a parking lot with a laptop, a good network card and
    > a directional bazooka antenna a possibility.
    >
    > So here is what I have to explain to my boss' boss and, perhaps, the board
    > of directors. . . and here is where I can't help but laugh. I hope that I
    > will be able to keep a straight face come Monday when I have to explain
    > myself to people why it's important.
    >
    > Okay, so I know the analogies. For example, I understand that not having a
    > secure wireless network with many WAPs and high gain transmission antennas
    > is the same as putting cables out to anybody within 'x' amount of yards with
    > a sign that says "free internet access", but since I am going to be asked
    > these obvious questions, just what type of damage could somebody do?
    >
    > Yeah, I know about denial of service attacks, yeah I also know about
    > enumeration and password guessing, but considering that we have an SQL
    > server on the inside of our network (no, the sa account password is not
    > null) what are we talking about.
    >
    > I can envision so many things. Like somebody just sitting there capturing
    > packets to get things like usernames, passwords and the like, but come
    > on. . . what else could they do.
    >
    > I have read my boss the riot act many times, but this is now going to go in
    > front of somebody over my boss' head, so, aside from giving them worst case
    > scenarios, end of the world analogies, etc., how else could people break in.
    > Creative responses are appreciated and will be rewarded with much praise.
    >
    > I can't believe that I have to actually explain this to people, and this
    > entire thing would last about two seconds when it comes to talking with a
    > computer professional, but you see, my boss is under the impression that
    > they are a computer professional because they received a Master's degree in
    > Comp Sci back in the 80's. I know that this line of thinking is dangerous,
    > but I really want some creative answers to put my point across strongly, and
    > yet professionally.
    >
    > Although I realize that this post will likely be the *** of many jokes
    > (which I will appreciate immensely) I nevertheless would appreciate a bit
    > of useful information in your responses.
    >
    > I am going to have a serious drink now, and then bang my head against the
    > wall.
    >
    > Thanks in advance,
    >
    > CC
    >
    >

