On Feb 2, 20:25, Doc wrote:
A little amplification -
The building in question is a secured building. Guests are required
to log in & out, and rooms other than snack area & restrooms are locked.
It is a government building. Space is donated to a local computer
group. A member of that group simply plugged into the local LAN. The
building's rep did state that the port should not have been left hot,
and nobody has admitted, or claimed, that the member did anything but
access the internet.
Doesn't matter. A large proportion of computer misuse (figures vary, but
pretty well everyone agrees that they're significant) is from inside, in
any sizable organisation. Suppose someone else was up to no good, the
visiting
machine was insecure (highly probable), and was spotted by a scanner. It
becomes a gateway.
I guess my opinion, which isn't very popular
here, is that unless
permission has been explicitly given, one should not assume permission
to a local LAN, or internet access through the LAN.
You won't get any argument against that from me :-)
--
Pete Peter Turnbull
Network Manager
University of York