| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 113153 | 2010-10-07 08:41:00 | Network security = shocker | The Error Guy (14052) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1142419 | 2010-10-07 08:41:00 | Just been thinking about the secure state of my schools network. its pretty much a shambles! School PC's run norton somewhere which has become the school joke as a virus alert kept popping up during a telling off session from out deputy head. other than that I think they run some random business/network AV program so thats sort of ok. however every wireless AP is unsecured, all traffic goes through a HTTP proxy and the connection is encrypted by base64 :eek:. the whole thing is a security mess, all it takes is a packet capture and then you have logons, log into proxy more captures and you could start capturing Admin passwords :drool At one stage we thought we were clever and downloaded AB tutor control (the software on all school PC's, handy dictatorship style app) and tried to turn off random computers. only problem was they all had passwords, all except our network admins computer :clap, that was not passworded (i mean of all the computers the admins?) There are virtually millions of flaws in the security, i wounder how long it is before someone exploits them? I'm trying to work with the staff to fix the blasted thing but its not going very far.:annoyed: Anyone else had some schocker shocker networks? |
The Error Guy (14052) | ||
| 1142420 | 2010-10-07 09:08:00 | One of my old schools had a proxy setup that required all traffic to go through a specific port that required authentication, so one day when working there I asked if I could access the net from my laptop they said no so I was playing around on lunch-break, changed the port to access the internet to 443 and hey presto I had internet that was faster than any other computer in the school, shame I had the good nature to tell them about it. | nedkelly (9059) | ||
| 1142421 | 2010-10-07 19:10:00 | Once one of the guys routed all network traffic from the server through one of the boarding house routers to his laptop, the router was a WRT54G, it failed to cope after 15mins. he also spoofed the servers MAC. it gets epically boring sometimes, hence the fact we usually spend afternoons doing stuff we're not supposed to in the winter. summers great though. we pretty much spend the whole day at the river |
The Error Guy (14052) | ||
| 1142422 | 2010-10-07 19:37:00 | They do it to keep students entertained, it's also a great way to find a prodigy child to pass on your knowledge to so you can one day pass the mantle ;) | Chilling_Silence (9) | ||
| 1142423 | 2010-10-07 20:41:00 | There many ways to lock down a system and many ways for the students to try and hack it. Even school Zone provided by Telecom has holes the size of elephants when to comes to online access. All one can do is try and keep one step ahead. |
berryb (99) | ||
| 1142424 | 2010-10-07 20:46:00 | Before my highschool's network admin got his act together (sort of) there were rather immense holes in the network. At one point a friend of mine used a live linux cd to access all the files on the school server as none were passworded. He changed the splash page image that people see when they log into the intranet from a chess set on a globe to a paint smiley face, then it got taken down, then he replaced it with a shoddy paint penis. It was bloody hilarious. Since then there's been a new net filter added which is an absolute beast, blocking anything from google searches for proxies to blocking sites for being 'game' related when there's nothing of the sort on or even near them. I assume there's also been a password added to the server and some other fixes added but yeah, it was pretty terrible till that time. |
8ftmetalhaed (14526) | ||
| 1142425 | 2010-10-08 00:39:00 | Your school left boot from cds enabled? Hilarious | nedkelly (9059) | ||
| 1142426 | 2010-10-08 01:56:00 | I have some experience with school networks . . . I ran a school network for a year . 1 . sort out a good firewall . even a free one . 2 . lock down the WIFI . WPA or better . 3 . setup a proxy that has black lists and logging of URL's . you NEED to be able to block some sites . 4 . re-build every desktop . you don't know what crud is in them . 5 . get AV on every desktop . even free AV is OK . 6 . setup good desktop lock down policy . lock down stuff students don't need . block the install of random programs . BIOS passwords and boot order . control panel . 7 . get some policy about hacking, enforce it on students who think the network is a play ground . get parents to sign off on this before the child is given a network login . 8 . if you find the right kind of student, ask them to help run the network . often the "hacker" students are just board geeks, give them something productive to do . 9 . keep up with the maintenance, read the proxy logs every day . even write a few scripts to look for key words in the logs . www . <adult word of choice> . com is almost always a bad site :-) step 9 is the most important . depending on the size of the network, this can be a full time job . a guide line is more then 100 desktops = full time admin . other questions include: * backup? * domain name? * email accounts? * printing? * remote access? . |
robsonde (120) | ||
| 1142427 | 2010-10-08 02:35:00 | That reminds me, BIOS is not passworded, set boot to my external. problem solved. at one time I had an internal HDD in one of the Boarding house PC's that was "broken" (its proper OS had packed up and died so no one used it) Their proxy is fine but the actual internet provided is horrible 2mb/s, that gets pretty slow when 50ppl are using, so during classes its almost un-usable at times\ They use schoolzone so filtering is Ok except most people (especially boarders) disagree with a lot of content that the school blocks |
The Error Guy (14052) | ||
| 1142428 | 2010-10-08 05:44:00 | 50 using 2mbps (16m/bit?) is HEAPS! Somebody isn't QoS'ing properly ... Hell I've run over 100 people on 4m/bit successfully. Blocking YouTube and throttling other streaming video helps immensely. | Chilling_Silence (9) | ||
| 1 2 | |||||