I’m at a church this evening for a workshop on Internet safety and safe online social networking. I’m thrilled they have free, open WiFi access (that is very fast, incidentally) but dismayed to see they’ve put their wireless access points on the same network as their wired, administrative/staff computers. How do I know this? The Finder window of Mac OS 10.5 shows all computers that are visible/browsable on the network:
According to Wikipedia’s current entry, a VLAN or “virtual LAN” is:
…a group of hosts with a common set of requirements that communicate as if they were attached to the same wire, regardless of their physical location. A VLAN has the same attributes as a physical LAN, but it allows for end stations to be grouped together even if they are not located on the same LAN segment. Network reconfiguration can be done through software instead of physically relocating devices.
Functionally in this context, if this church had VLANs then I (as someone on the public wireless network) would NOT be able to see, browse to, and potentially “hack into” any of the organization’s computers from the wireless network. Of course I’m not hacking into anything, I’m just using the Internet access to browse other sites, but the fact that POTENTIALLY someone could directly ping and access those computers IS a problem of which administrators should be aware.
When someone at a school decides to bring a wireless access point and plug it into the school’s computer network via an open ethernet port in their classroom, they potentially put all the computers on the network at risk for malware and hacking attacks. Organizational network administrators (including both schools and churches) need to use an intrusion detection solution like Snort (free) or TippingPoint (commercial) to proactively defend wired networks against this sort of threat. Turning OFF DHCP on the network can help prevent casual users from gaining unauthorized access to the Internet on your network, but free tools like Kismet and Airsnort permit even casual hackers (script kiddies) to obtain valid IP credentials, a valid MAC address, and even a WEP password (using a tool like Aircrack).
The lesson: Purchase networking switches which support VLANs, and implement login processes (with secure passwords) within a networking architecture using VLANs. Monitor your network utilization (with InterMapper or something similar) and use an intrusion detection solution!
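One way an administrator could check the lesson above against their own network records, as an added example that is not part of the original post: the script flags any VLAN that carries both guest and staff devices, and any device addressed outside its VLAN's subnet. The device names, addresses, VLAN IDs and the `audit_segmentation` helper are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (hypothetical names and addresses, not from the post).
# "vlan" is the VLAN ID of the switch port the device is plugged into.
INVENTORY = [
    {"name": "guest-ap-lobby", "role": "guest", "ip": "192.168.1.20", "vlan": 1},
    {"name": "office-pc", "role": "staff", "ip": "192.168.1.31", "vlan": 1},
    {"name": "finance-pc", "role": "staff", "ip": "10.10.0.7", "vlan": 10},
    {"name": "guest-ap-hall", "role": "guest", "ip": "10.20.0.5", "vlan": 20},
    {"name": "staff-printer", "role": "staff", "ip": "10.20.0.9", "vlan": 10},
]
# Constructed addressing plan: VLAN ID -> subnet.
SUBNETS = {1: "192.168.1.0/24", 10: "10.10.0.0/24", 20: "10.20.0.0/24"}


def audit_segmentation(inventory, subnets):
    """Return findings where guest and staff devices are not separated."""
    nets = {vlan: ipaddress.ip_network(cidr) for vlan, cidr in subnets.items()}
    by_vlan = defaultdict(lambda: defaultdict(list))
    findings = []
    for dev in inventory:
        by_vlan[dev["vlan"]][dev["role"]].append(dev["name"])
        # A device addressed outside its VLAN's subnet (or on a VLAN with no
        # planned subnet) points to a mis-patched port or a stray static address.
        net = nets.get(dev["vlan"])
        if net is None or ipaddress.ip_address(dev["ip"]) not in net:
            findings.append(("wrong-subnet", dev["vlan"], [dev["name"]]))
    for vlan, roles in sorted(by_vlan.items()):
        # Guest and staff on one VLAN share a broadcast domain: guests can
        # browse and ping staff machines directly, as the post describes.
        if roles["guest"] and roles["staff"]:
            names = sorted(roles["guest"] + roles["staff"])
            findings.append(("shared-vlan", vlan, names))
    return findings


if __name__ == "__main__":
    for kind, vlan, names in audit_segmentation(INVENTORY, SUBNETS):
        print(f"{kind}: VLAN {vlan}: {', '.join(names)}")
```
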