Physically Securing Routers
Physically Securing Routers
(OP)
The company I work for has several locations. All locations have one router, some have two and some have one or two 5 or 8 ports switches. Most routers are models WRT54G or GL
The problem I am having is the routers are not locked up, although I would like them to be they just do not have any way of doing that. The problem arises when employees feel the need to do a hard rest on the routers. At which point the internet does not work because the Static IP has been wiped out, as well as the default LAN IP restored which only one LAN uses.
Some locations process credit cards over the internet, and all stores have multiple ports forwarded, and a web based inventory system, among other systems. Additionally to add to the issue, some locations are an hour away minimum.
Before I have the company build / install custom 'lock boxes' is their something on the market designed to secure routers that I could use to lock up one or two Linksys routers and one or two switches. If the switches can not be locked up that is fine, at least they cannot be screwed up with a hard reset.
Some routers do have ddwrt firm ware which allows for the rest button to be disabled but I do not want to disable it, in the event I may need it in the future.
I have googled, but everything I find is about securing the routers digitally not physically.
Any suggestions?
Thank you
The problem I am having is the routers are not locked up, although I would like them to be they just do not have any way of doing that. The problem arises when employees feel the need to do a hard rest on the routers. At which point the internet does not work because the Static IP has been wiped out, as well as the default LAN IP restored which only one LAN uses.
Some locations process credit cards over the internet, and all stores have multiple ports forwarded, and a web based inventory system, among other systems. Additionally to add to the issue, some locations are an hour away minimum.
Before I have the company build / install custom 'lock boxes' is their something on the market designed to secure routers that I could use to lock up one or two Linksys routers and one or two switches. If the switches can not be locked up that is fine, at least they cannot be screwed up with a hard reset.
Some routers do have ddwrt firm ware which allows for the rest button to be disabled but I do not want to disable it, in the event I may need it in the future.
I have googled, but everything I find is about securing the routers digitally not physically.
Any suggestions?
Thank you
RE: Physically Securing Routers
That's why companies with real IT departments always have "server rooms and wiring closets" with locks at the very minimum. I've seen converted coat closets as server rooms, but that doesn't matter - they WERE secured.
If someone in charge can't force some sense into the button pushers, they will have to be physically secured. What about something LIKE this. You'd have to drill a hole in the wall and the box to get the cables into it though.
htt
htt
You could fry a turnip on my forehead if people did that where I was working - unless you're charging by the visit/hour.
RE: Physically Securing Routers
While I don't have the power to enforce it, I have told them that if there is an issue with the internet call me and I will get there as soon as I can. But they won't listen, I have even put notices on the routers and they are ignored.
Thanks for the suggestions. I was hoping for something that was designed for what I want.
RE: Physically Securing Routers
Or you can buy a lockable box for the router. Your call.
http:/
I tried to remain child-like, all I acheived was childish.
RE: Physically Securing Routers
The termination is what I would like to see, however their is more then one employee in the store and no one will admit who it was that reset the routers. But like you said it is an HR issue, Problem with HR is either the do not understand the importance of this or don't care or what ever.
What it comes down to is if I don't do something about it, it will remain my headache.
Again thanks for the suggestions.
RE: Physically Securing Routers
Video does wonders for catching people in the act...
I use to have this problem with phones, especially in the early modular jack days. So I just clip the tip of the clip on the modular plug. They are clueless how to unplug them without it! (It works on data patch cords also.)
You might invest in a more robust router also, something like a Fortigate or Juniper Networks...
....JIM....
RE: Physically Securing Routers
Talk about a stroke inducer.
The other thing that I should have said with my first reply. You might look into more reliable (non-SOHO) equipment that will run for 8 months without needing a soft reset. And using DD-WRT in an office environment is kind of asking for trouble - bugs in every version leading to needing to reboot.
RE: Physically Securing Routers
Psychological warfare. Fun.
RE: Physically Securing Routers
@goombawaho I agree it is behavioral, problem is that management is part of the problem, I believe. I will be sending an email to all office personnel, including the owner, about this situation. But I believe he already knows. Again they will make it my issue to resolve because I am IT. I would love to install a cisco or juniper router, but I know they will not pay for it.
As far as the DD-WRT goes I have not had issues with it. I have it running on two routers in my Home and office, and one set up as a WAP and one as a bridge. I have not had any problems. Although I know what you mean.
@goombawaho the psychological part would not work, because they are already on camera, all stores already have security cameras. Problem there arises because I do not know when the routers are being reset. Most stores have a backup for processing credit cards, or they do not process CC over the internet (only some stores do). So I won't know until several hours later when the inventory system fails. If it happens on the weekend I won't know until the Monday morning.
I was hoping to be able to use a method to monitor the networks, and when they went down I would receive an email. Kind of like MSP software. That way I would be able nail it down better. But everything I have found costs money.
RE: Physically Securing Routers
Have you set up the Linksys for remote access? Even though it is limited in logging stuff, something is better than nothing... At least check to see what is there, you might be surprised what you find and how creative you can be.
....JIM....
RE: Physically Securing Routers
Supposedly we will discuss it on Monday.
I know I can get electrical boxes of varying sizes with a cover. I am going to take a closer look at those on Monday as well. Hopefully I can figure out a way to use the cover as a door and figure out a way to put a lock on it.
Any body know how much the wireless signal will be degraded if the router is in a metal box like that. Or should I figure out a way to get the antennas on the outside of the box.
Again thanks for all the suggestions
RE: Physically Securing Routers
http://ww
I tried to remain child-like, all I acheived was childish.
RE: Physically Securing Routers
You can quit working for them OR
You can charge them every time when they screw things up and document it and send it to management. Do you have somewhere on your invoice where you site the CAUSE for the visit/resolution for the problem summary? If so, print it out and use highlighter on it.
You can price out some better equipment and some lock boxes and compare it to repeated calls out there that you have to make (and bill for) to show management the situation.
If they're worth keeping as a customer, you have to do battle. Focus on management. If they won't do anything, quitting is always an option.
RE: Physically Securing Routers
I would also like some kind of MSP software, to manage updates, remote support etc but again it needs to be open source or free.
Supposedly we will be discussing this on Monday.
RE: Physically Securing Routers
Then you are stuck my brotha. Butttt....... Moving on is always an option.
If you don't want to move on, you could think of it as job security as long as management knows it's not YOUR fault that things don't work. Document all the problems, dates, their causes, and what you did to get things working. CYA + it will show management that you are not the source of the problem.
The most important thing is that you don't get scapegoated for the boneheads. That's the type of organization that sinks under its own weight and you don't want to get thrown overboard.