Silly IT Manager and WPA Security

Discussion in 'Community Discussion' started by ab2650, Dec 28, 2007.

  1. ab2650 macrumors 6502a

    Joined:
    Jun 21, 2007
    #1
    I just thought I'd take the opportunity to rail on my IT manager for the company where I work... For Xmas, my lovely wife gifted me a shiny new iPhone which I've been having a blast with, until I brought it in to work.

    I wanted to connect it to our wireless AP, which shouldn't be any trouble - Except the WPA key is incredibly long (63 characters) and incredibly random (random full character set... including the backtick). I was partly dismayed to see the iPhone lacked a way to enter the backtick character, see the password I was typing, or a copy/paste to get the WPA key there.

    So after spending too long trying to key in a password that was literally impossible to fully type, I fired of a friendly email to our IT manager asking if it would be possible to remove the backtick character and replace it with something else, or shorten the password altogether. I think my suggestion was upper/lower alphanumeric only, 32 characters long.

    Obviously since I'm posting here his answer was "no." His reasons where:
    1) It defeats the point of having super-duper high security (i.e., maximum length)
    2) It's not his fault the iPhone can't handle a backtick.

    What a pain.
     
  2. Baron58 macrumors 6502

    Joined:
    Feb 19, 2004
    #2

    Whether (1) is a valid premise or not is debatable, but regardless, he's 100% correct. Your non-work-issued toy is not his problem.
     
  3. mickeys macrumors newbie

    Joined:
    Jan 28, 2008
    Location:
    San Francisco, California.
    #3
    This is the most narrow view of ITs role: surely his meta-responsibility is to the fiduciary health of the company.

    If he changes all backticks with single-quote characters he's not changed the super-duper magic qualities of the generated password nor is he being a jerk.

    I suspect the latter is the driving force here.
     
  4. maestro55 macrumors 68030

    maestro55

    Joined:
    Nov 13, 2005
    Location:
    Goat Farm in Meridian, TX
    #4
    Where I am working right now we actually have two wireless connections, one is for work machines and it is very long passkey, the other is shorter (still random characters) and is the one we use on our guest network when we have people visit and need to connect (one is behind our network, one is in front of the network). If you company has outside clients coming in or guests coming in then a good IT manager would have it set-up so they could connect, even if they were using an iPhone.
     
  5. mickeys macrumors newbie

    Joined:
    Jan 28, 2008
    Location:
    San Francisco, California.
    #5
    That's exactly the set-up we have at my company. It's really nice for visitors. But to get back to the OP, it's pathetic that his IT manager can't just substitute backticks with another character. Way to be mediocre! Yea team!
     
  6. Evangelion macrumors 68040

    Joined:
    Jan 10, 2005
    #6
    If he changed the WPA-key to accomodate a personal iPhone, what would happen to all those devices that connect to the AP using the old key?
     
  7. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #7
    Well, IT would have to just run around and manually change them all wouldn't they? After all, they've got absolutely nothing better to do than accommodate any piece of kit any employee should choose to bring into the office, have they? And all the abuse hurled at them by other employees who suddenly can't use the wireless would be totally justified!! Stupid IT!! Stupid stupid people!!

    Some people have the most skewed idea of what an IT department actually does :rolleyes:
     
  8. Evangelion macrumors 68040

    Joined:
    Jan 10, 2005
    #8
    Dindingding, we have a winner!
     
  9. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #9
    Um, provide technology services to support those actually generating revenue? Some IT people have the most skewed idea of what their role is in the company (as in, exactly who works for whom). ;)
     
  10. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #10
    From my experience as an independent consultant it works best when the business provides IT with a set of guidelines to work with and leaves the technological details to those that specialise in technology, namely IT. The business should decide the policies, but not the minutiae. Whether non-company owned personal iPhones are supported or not doesn't fall into the global policy arena, but into the choice of technology area. Changing what is possibly a globally agreed WPA key to accommodate one user's requirements is nothing more than a waste of resources.

    Otherwise where does it stop? Personal service for every single "revenue generator" and their own support staff? How many IT staff do you think that would take? Would the "revenue generators" welcome a doubling or tripling of the IT budget to manage every whim that may come IT's way?
     
  11. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #11
    Those generating revenue will get a business provided e-mail/web device if the company have those services and if it's deemed necessary for them. No matter what the change is, it's completely unreasonable to expect them to change things to suit your private and personal needs.
     
  12. tersono macrumors 68000

    tersono

    Joined:
    Jan 18, 2005
    Location:
    UK
    #12
    Here we have a dedicated WAP for exactly such purposes. It doesn't allow full logon access to the domain (it's on the wrong side of our primary firewall), but does allow access to such things as outlook web access. That way, if someone brings in a 'guest' device, I can accommodate them easily (I'm I.T. manager here) without compromising network security.

    However, while I sympathise with the OP, I do see the problem from the other side, too - having to change the key for all other users just in order to accommodate a single iPhone is a bit excessive, and if he's half as busy as I am most of the time, that's an extra job he REALLY doesn't need.
     
  13. JNB macrumors 604

    JNB

    Joined:
    Oct 7, 2004
    Location:
    In a Hell predominately of my own making
    #13
    I was speaking in a "broad brush" of roles & relationships, and how many IT Departments have turned themselves into a priesthood of sorts. Supporting individual needs (by any department, really, including HR) is obviously not to be expected, but in those cases where a personal need dovetails with a business purpose and exposes inexplicable--and in many cases, indefensible--IT "policies," then where is one to go?

    As to edesignuk's point, I am a revenue-generator, and I have to buy whatever cell phone I want, I am not provided one. Since the expense is out of my own pocket, I chose the iPhone. My IT only supports Blackberry for "email devices," but this is at an added cost to the company in hardware and licenses. Once the 2.0 firmware is released and supports ActiveSync, what would be the objection of enabling that, as it's free to the company? (Don't answer, I've already gone 'round that carousel when I had a Treo). In two years, I have never gotten a clear answer from them for a business or technical rationale, just a reflexive "not policy."

    I fully understand (and support) the vast majority if IT's decision- and policy-making, given the burden & responsibility they have in the organization. I just believe that many of them need to get off their hobby horses and remember they are part of a team, not a private fiefdom the rest of us owe allegiance to.
     
  14. Evangelion macrumors 68040

    Joined:
    Jan 10, 2005
    #14
    The user can "generate revenue" with the equipment provided by their employer, as opposed to various bits and pieces they happen to accumulate over their lives. No, IT-departments do not oppose users having personal equipment. What they would oppose is the idea that the IT-department is somehow required to support that personal hardware.

    It is the job of the IT-department to support others in IT-related issues. But that does not mean that they are required to support all kinds of devices the users happen to bring with then from their homes. IT-department is not subordinate to the other workers, it's not like the other departments can make demands because "We are the ones who generate revenue, and it's your job to support us!".
     
  15. Evangelion macrumors 68040

    Joined:
    Jan 10, 2005
    #15
    First, the device needs to be scrutinized for any possible security-issues. Then they need to be absolutely sure that it does not screw up anything in the server and that it works nicely with other systems as well. How about making sure that it works nicely with other devices? Hell, I have an issue where email sent from a Blackberry would not be delivered to Nokia 9300i Communicator. Those kinds of issues could crop up, and it's extra work for the IT-guys. Work that they could do without. Work, that would not exist if users used supported devices. They are called "supported" and "unsupported" for a reason.

    Then there's the dreaded "policy". So the iPhone-owner got a favour from the IT-guys. Then some other guy comes along and says something like "they, since you helped Brian to get his iPhone up & running with our servers, then surely you can do the same with my Android-phone?". Then comes a third person, then fourth, then fifth....

    So, when IT-department refuses to support users personal device, it means that they are not "team-players", but when users go and demand that the IT-department must support their personal devices, those users ARE "team-players"? I don't know about you, but I would say that in order for them to be a team-player, they would stick to corporate-supported devices.
     
  16. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #16
    That's something that was very common at the beginning of the decade, but from my experience increasingly no longer the case.

    IT doesn't set policy in most organisations, it interprets one set by the business. Take it up with whatever governance structure is in place rather than aiming your ire at IT directly.
     
  17. Hawkeye411 macrumors 68000

    Hawkeye411

    Joined:
    Jun 6, 2007
    Location:
    Canada EH!!!
    #17
    Just bring in your own wireless router and set it up in your office without telling him. Then set the WPA password to anything you desire. Give the router a name related to the company next door and he will think that they have set up another network. :D

    Cheers,
    :):apple:
     
  18. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #18
    Easy to find, easy to block. Sorry, try again :D
     
  19. edesignuk Moderator emeritus

    edesignuk

    Joined:
    Mar 25, 2002
    Location:
    London, England
    #19
    Pulling crap like that is also a serious breach of company policy, you could get fired.
     
  20. Hawkeye411 macrumors 68000

    Hawkeye411

    Joined:
    Jun 6, 2007
    Location:
    Canada EH!!!
    #20
    OK then ... how about talking to your boss and convince him that the iPhone is making you more productive, without discussing your connection problems. Then, about a week later, tell him that you can't connect to the wireless network in the office and that the IT guy is not being helpful.

    Cheers,
    :):apple:
     

Share This Page