It amazes me the amount of unprotected wireless networks I come across in a day. We have new laptops for work (Centrino based; sweeet), so I spend some down time hitting "Refresh Available Wireless Networks" in my wireless networks list all throughout the town. I circled one particular school and found 4 unprotected wireless networks.
It bothers me to see these networks, but not as much as the one I've found recently (it shall remain nameless to protect myself and the others that use it; no, it's not in the school district). I will say that it is an important establishment and can contain highly sensative data. I found a rather nice spot to connect at, and curiosity got the best of me. I fired up DameWare Utilities
to take a peek at what I could and could not get access to. The good news is that they didn't use the default settings on their router (that I can see. I haven't gone through the entire manual list for the router). The bad news is that I can access every workstation and their server.
What really bothers me is the sensitive nature of the data that these computers could (and probably do) hold. Anyone that knows what they're doing could park right up, connect in, and do exactly what I did..... except steal data and/or reek havoc on their network.
I know some of the people that work there (part of the reason I found the network to begin with), so I may get what they think I should do. They hire people (a company, I presume) to do their networking, so it's the stupidity of those "IT" people. I'm just afraid of the repercussions I might have to face since I did a little bit of snooping. The way I see it, there's no privacy being infringed on here. Yeah, the data that's probably on these computers are private, but if they're open for the whole world to see because their router is 1. broadcasting it's wireless ID and 2. is unencrypted, there is no privacy to bypass. It's open, right there, and waiting for anyone with a wireless-enabled computer to happen to notice an unprotected wireless network (802.11b, actually).
I'm sure this company would like to know that the people they hired to do their IT work are complete morons. I just have to find the right way to let them know.
So, if you have a wireless network, make sure you've done the following to protect your network:
- Disable the ability for your router to broadcast the wireless id. This is the first step. The tech savvy can't get on a network they don't know is there (unless they have the proper equipment).
- Enable WEP. There's really no excuse to not do this.
- Change the default settings for your router. The biggest setting to change is the administrator login information. Change both username and password.