Physically Securing Routers

Status
Not open for further replies.

TekSolutions

IS-IT--Management
Jul 15, 2011
71
The company I work for has several locations. All locations have one router, some have two and some have one or two 5- or 8-port switches. Most routers are models WRT54G or GL.

The problem I am having is the routers are not locked up; although I would like them to be, they just do not have any way of doing that. The problem arises when employees feel the need to do a hard reset on the routers. At which point the internet does not work because the Static IP has been wiped out, as well as the default LAN IP restored, which only one LAN uses.

Some locations process credit cards over the internet, and all stores have multiple ports forwarded, and a web based inventory system, among other systems. Additionally to add to the issue, some locations are an hour away minimum.

Before I have the company build / install custom 'lock boxes', is there something on the market designed to secure routers that I could use to lock up one or two Linksys routers and one or two switches? If the switches cannot be locked up that is fine, at least they cannot be screwed up with a hard reset.

Some routers do have DD-WRT firmware, which allows for the reset button to be disabled, but I do not want to disable it, in the event I may need it in the future.

I have googled, but everything I find is about securing the routers digitally, not physically.

Any suggestions?

Thank you
 
That is purely a behavioral problem which should be addressed by human resources or the manager. I can't imagine any company allowing employees to screw with equipment like that! But having said that and to your point:

That's why companies with real IT departments always have "server rooms and wiring closets" with locks at the very minimum. I've seen converted coat closets as server rooms, but that doesn't matter - they WERE secured.

If someone in charge can't force some sense into the button pushers, they will have to be physically secured. What about something LIKE this. You'd have to drill a hole in the wall and the box to get the cables into it though.


You could fry a turnip on my forehead if people did that where I was working - unless you're charging by the visit/hour.
 
I am their IT department, IT Administrator. I know about the rules of securing servers and other equipment; the issue is that the servers are at the main office. Each location does not have their own server. Additionally the only major equipment is the little Linksys routers. Also there are no rooms that the employees do not have access to.

While I don't have the power to enforce it, I have told them that if there is an issue with the internet call me and I will get there as soon as I can. But they won't listen, I have even put notices on the routers and they are ignored.

Thanks for the suggestions. I was hoping for something that was designed for what I want.
 
Well I told them that I was going to start charging them a consulting fee to reconfigure each router after they have been reset. But to avoid that headache I am just trying to secure them.

The termination is what I would like to see, however there is more than one employee in the store and no one will admit who it was that reset the routers. But like you said it is an HR issue. Problem with HR is either they do not understand the importance of this or don't care or whatever.

What it comes down to is if I don't do something about it, it will remain my headache.

Again thanks for the suggestions.
 
You install the lock box or cabinet and bill the company or let the network fail, and when the corp idiots ask why, tell them why!

Video does wonders for catching people in the act...

I used to have this problem with phones, especially in the early modular jack days. So I just clip the tip of the clip on the modular plug. They are clueless how to unplug them without it! (It works on data patch cords also.)

You might invest in a more robust router also, something like a Fortigate or Juniper Networks...

....JIM....
 
I'm glad people agreed with me that it was a behavioral and thus a HR problem. It CAN be solved from a technical perspective (secure the equipment) but no doubt one of the owners or manager would have a fit if he knew he was paying someone to lock up the routers or fix them all the time because employees were screwing with them.

Talk about a stroke inducer.

The other thing that I should have said with my first reply. You might look into more reliable (non-SOHO) equipment that will run for 8 months without needing a soft reset. And using DD-WRT in an office environment is kind of asking for trouble - bugs in every version leading to needing to reboot.
 
Random thought. Get one of those fake security video cameras and mount it on the ceiling above the router. Put a sign on the router that says "smile - you're on camera".

Psychological warfare. Fun.
 
@SYQUEST I would love to just install a solution and bill; the issue is that bill may not be paid if they did not approve in advance.

@goombawaho I agree it is behavioral, problem is that management is part of the problem, I believe. I will be sending an email to all office personnel, including the owner, about this situation. But I believe he already knows. Again they will make it my issue to resolve because I am IT. I would love to install a Cisco or Juniper router, but I know they will not pay for it.

As far as the DD-WRT goes I have not had issues with it. I have it running on two routers in my Home and office, and one set up as a WAP and one as a bridge. I have not had any problems. Although I know what you mean.

@goombawaho the psychological part would not work, because they are already on camera, all stores already have security cameras. Problem there arises because I do not know when the routers are being reset. Most stores have a backup for processing credit cards, or they do not process CC over the internet (only some stores do). So I won't know until several hours later when the inventory system fails. If it happens on the weekend I won't know until the Monday morning.

I was hoping to be able to use a method to monitor the networks, and when they went down I would receive an email. Kind of like MSP software. That way I would be able to nail it down better. But everything I have found costs money.
 
You should have a discussion with the owners about how valuable they think the network is to their business, its security, and spending some capital on it, instead of being greedy with the profits!!

Have you set up the Linksys for remote access? Even though it is limited in logging stuff, something is better than nothing... At least check to see what is there, you might be surprised what you find and how creative you can be.

....JIM....
 
@SYQUEST Yes I have remote access to all routers. I have also allowed Anonymous WAN Requests. I have sent an email to the management that something needs to be done. I have also drawn up a Computer use Policy, I gave them the rough draft this evening.

Supposedly we will discuss it on Monday.

I know I can get electrical boxes of varying sizes with a cover. I am going to take a closer look at those on Monday as well. Hopefully I can figure out a way to use the cover as a door and figure out a way to put a lock on it.

Anybody know how much the wireless signal will be degraded if the router is in a metal box like that? Or should I figure out a way to get the antennas on the outside of the box?

Again thanks for all the suggestions
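
The monitoring wished for earlier in the thread (an email when a store's router stops answering), as an added example that is not part of the original posts: it probes each site's WAN-side management port from the main office and records when the first failed probe occurred, so the outage time can be matched against the store's camera footage. The site names, addresses, port 8080, mail addresses and SMTP host are all assumptions.

```python
import smtplib
import socket
from datetime import datetime, timezone
from email.message import EmailMessage

# Constructed sample sites (TEST-NET addresses); port 8080 is an assumed management port.
SITES = {"store-01": ("192.0.2.10", 8080), "store-02": ("192.0.2.20", 8080)}
FAIL_THRESHOLD = 3  # consecutive failed probes before alerting, to ignore blips

def probe(host, port, timeout=3.0):
    """Return True if the router's WAN-side management port accepts TCP."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

class SiteState:
    """Debounces probe results for one site and emits DOWN/UP events."""
    def __init__(self, name):
        self.name, self.fails, self.first_fail, self.down_since = name, 0, None, None
    def update(self, ok, now):
        if ok:
            was_down = self.down_since is not None
            event = ("UP", self.name, self.down_since, now) if was_down else None
            self.fails, self.first_fail, self.down_since = 0, None, None
            return event
        self.fails += 1
        if self.fails == 1:
            self.first_fail = now  # best estimate of when the reset happened
        if self.fails == FAIL_THRESHOLD:
            self.down_since = self.first_fail
            return ("DOWN", self.name, self.down_since, now)
        return None

def build_alert(event, sender="monitor@example.com", recipient="it@example.com"):
    kind, name, since, now = event
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[router-watch] {name} {kind}"
    msg.set_content(f"{name} is {kind}.\nUnreachable since: {since.isoformat()}\n"
                    f"Reported at: {now.isoformat()}\n")
    return msg

def run_once(states, smtp_host="localhost"):
    now = datetime.now(timezone.utc)
    for name, (host, port) in SITES.items():
        event = states[name].update(probe(host, port), now)
        if event:
            with smtplib.SMTP(smtp_host) as smtp:
                smtp.send_message(build_alert(event))
```

Keep one `SiteState` per site in a long-running loop that calls `run_once` about once a minute; the state lives in memory, so a fresh process per run would never reach the failure threshold.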
 
What a messy situation. Here's the bottom line.

You can quit working for them OR

You can charge them every time when they screw things up and document it and send it to management. Do you have somewhere on your invoice where you cite the CAUSE for the visit/resolution for the problem summary? If so, print it out and use highlighter on it.

You can price out some better equipment and some lock boxes and compare it to repeated calls out there that you have to make (and bill for) to show management the situation.

If they're worth keeping as a customer, you have to do battle. Focus on management. If they won't do anything, quitting is always an option.
 
I am not a contractor for them. I am one of their employees so I have no invoices. I do want to get some kind of ticket system, however although I have only worked for them since July, I have worked for them through a contractor. Because of that I know anything like that they most likely will not pay for. Everything like that I am trying to find needs to be open source and / or free.

I would also like some kind of MSP software, to manage updates, remote support etc but again it needs to be open source or free.

Supposedly we will be discussing this on Monday.
 
I am not a contractor for them. I am one of their employees so I have no invoices.

Then you are stuck my brotha. Butttt....... Moving on is always an option.

If you don't want to move on, you could think of it as job security as long as management knows it's not YOUR fault that things don't work. Document all the problems, dates, their causes, and what you did to get things working. CYA + it will show management that you are not the source of the problem.

The most important thing is that you don't get scapegoated for the boneheads. That's the type of organization that sinks under its own weight and you don't want to get thrown overboard.
 