Possible Workplace Sabotage?
-
We use Aruba to manage our wireless AP's (72 of them). At 9:00 PM Friday night the guest network goes down. I come in today and the administrator for this building mentioned it to me. I attempted to log into it and a welcome page with a sign in and terms/conditions is supposed to load but it failed with an error. I noticed that the gateway was set to 192.168.12.2 instead of 192.168.12.1. Now, none of the logs say the gateway was changed. The network only went down Friday. Aruba (the company) has logs as well and doesn't show the gateway changing. It's really weird.
Am I right to feel a little uneasy about this? It's convenient that it was done right after I left work, on a Friday and in a way that didn't affect profit at all. This was only the guest network. Seems really convenient to me.
-
So if it is sabotage and didn't affect profits... what was really sabotaged?
If you feel that it is foul play, do you feel that there is some possible gain from this to someone?
-
@scottalanmiller It affects the users opinions of me? Does this not seem suspicious though? Why would it have been changed a single digit? Have you ever seen such a thing occur without someone changing it? I could see something like a CMOS being dead and the settings clearing, but one digit?
-
You think that someone is sabotaging you specifically? Who else has access?
-
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
Higher ups being the owner and partners.
-
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
That's a major problem. You have shared credentials? Make sure that that is documented and that you raise this as a security issue. Maybe it is shared with other people, maybe it is shared with people who are no longer with the company. Shared passwords make those people equally responsible for any actions taken on the network.
-
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
That's a major problem. You have shared credentials? Make sure that that is documented and that you raise this as a security issue. Maybe it is shared with other people, maybe it is shared with people who are no longer with the company. Shared passwords make those people equally responsible for any actions taken on the network.
Yeah there are only admin credentials to access each device. I don't want this to be some weird conspiracy theory post, but I cannot justify one digit changing and nothing else. I can't resolve that with myself.
-
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
That's a major problem. You have shared credentials? Make sure that that is documented and that you raise this as a security issue. Maybe it is shared with other people, maybe it is shared with people who are no longer with the company. Shared passwords make those people equally responsible for any actions taken on the network.
Yeah there are only admin credentials to access each device. I don't want this to be some weird conspiracy theory post, but I cannot justify one digit changing and nothing else. I can't resolve that with myself.
That Aruba's logs lack this is very fishy. Have you looked into fixing the credentials issue?
-
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
That's a major problem. You have shared credentials? Make sure that that is documented and that you raise this as a security issue. Maybe it is shared with other people, maybe it is shared with people who are no longer with the company. Shared passwords make those people equally responsible for any actions taken on the network.
Yeah there are only admin credentials to access each device. I don't want this to be some weird conspiracy theory post, but I cannot justify one digit changing and nothing else. I can't resolve that with myself.
That Aruba's logs lack this is very fishy. Have you looked into fixing the credentials issue?
It's on my list of things that need to be done immediately. I'm presenting soon to the owner.
-
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller said in Possible Workplace Sabotage?:
@wirestyle22 said in Possible Workplace Sabotage?:
@scottalanmiller That's a good question. I know all of the higher ups have all of the IP's and credentials. This could also have been some kind of test to see how fast I found the issue?
That's a major problem. You have shared credentials? Make sure that that is documented and that you raise this as a security issue. Maybe it is shared with other people, maybe it is shared with people who are no longer with the company. Shared passwords make those people equally responsible for any actions taken on the network.
Yeah there are only admin credentials to access each device. I don't want this to be some weird conspiracy theory post, but I cannot justify one digit changing and nothing else. I can't resolve that with myself.
That Aruba's logs lack this is very fishy. Have you looked into fixing the credentials issue?
It's on my list of things that need to be done immediately. I'm presenting soon to the owner.
Keeping in mind that you should definitely have admin credentials sealed away somewhere safe that others can access as a Bus policy (as in you get hit by a bus)... But nobody else should be using that except in emergencies.
-
I'd also check the Arubas and see if anything happened like an automatic software update, etc?
-
@dafyre I checked the logs and spoke with them about possibilities. We both said there isnt anything that we know of that could have caused it. Idk. I'm not a conspiracy theorist, I just think it's weird.
-
@wirestyle22 said in Possible Workplace Sabotage?:
@dafyre I checked the logs and spoke with them about possibilities. We both said there isnt anything that we know of that could have caused it. Idk. I'm not a conspiracy theorist, I just think it's weird.
Quite weird. What happens when you set it back to the appropriate value?
-
Wrap all your APs in tin foil, secure your tin foil hat, and watch out for the black van that awaits you on your way home...
-
@dafyre It's fixed when I do that
-
@RojoLoco I already have my armadillo hat insulated so the government can't scan my brainwaves
-
@RojoLoco said in Possible Workplace Sabotage?:
Wrap all your APs in tin foil, secure your tin foil hat, and watch out for the black van that awaits you on your way home...
It'll be the one broadcasting "FBI Surveillance Van"
-
@wirestyle22 said in Possible Workplace Sabotage?:
@dafyre It's fixed when I do that
Does it change back again?
-
@wirestyle22 said in Possible Workplace Sabotage?:
@RojoLoco I already have my armadillo hat insulated so the government can't scan my brainwaves
Double check it.... that brainwave scan is how they got your admin credentials!
-
@dafyre said in Possible Workplace Sabotage?:
@RojoLoco said in Possible Workplace Sabotage?:
Wrap all your APs in tin foil, secure your tin foil hat, and watch out for the black van that awaits you on your way home...
It'll be the one broadcasting "FBI Surveillance Van"
Sigh, there is one of those within WiFi range of my house.
I'm scart.
