SIGforum
Network Admins, please step inside. A work ethics dilemma.

This topic can be found at:
https://sigforum.com/eve/forums/a/tpc/f/320601935/m/5660038954

August 11, 2019, 01:48 PM
0-0
Network Admins, please step inside. A work ethics dilemma.
I'm the IT guy at the company. The only one that barely understands any and all things computer related.

Recently we changed our ISP and we're still having minor issues with the fiber optics modem / router provided by the phone company.
Every now and then, the office employees call the ISP help desk to complain of service interruptions and/or that the Wifi signal is poor and disconnects.

Used to have a router but the ISP removed it when they installed their Fiber optics modem /router.

Last week I decided to take a look at the FO modem router and found that the DHCP pool had been modified from my original setting of 15 to 40 available slots.
I keep the number small to manage just a few cell phones, printers and the occasional guests.

I found out that as a result of one of those frequent calls coming from my office, the help desk guy had decided to alter my DHCP settings to accept more clients.
No one but me has the authority to modify those settings and being on the LAN side of things I felt it was outside of the scope of third party services to mess with.

I emailed the support company asking to know who on my company had required/authorized these changes and now the ISP guy wants to talk to me. On the phone.
He wants me to give him my phone number so he can call me when it suits him. I asked for his phone so I can call him when it suits me.

Basically, I'm furious and the guy is in CYA mode. Have received no reply regarding the authorisation since I know none exists. He only needed to reboot the modem remotely to have the complaining office reconnected immediately.

We don't keep servers locked in a special room so anyone can play with them remotely and unsupervised.

So, should I complain to the ISP formally and to the help desk company to have this guy sacked or should I let it slide?

0-0


"OP is a troll" - Flashlightboy, 12/18/20
August 11, 2019, 01:59 PM
bigdeal
I think the primary issue you need to focus on is the fact this guy 'could' make the changes to your system, as opposed to the fact that he did make the changes. I think you need to overview your system for some major security changes. I'd find ways to physically lock out anyone who is not authorized to make system changes. After that, I'd chase the issue of the unauthorized changes having been made to the system.


-----------------------------
Guns are awesome because they shoot solid lead freedom. Every man should have several guns. And several dogs, because a man with a cat is a woman. Kurt Schlichter
August 11, 2019, 02:04 PM
stoic-one
Tell them to put their modem/router in bridge mode and reinstall downstream equipment (router and wifi) only you manage, take them out of the loop.


__________________________________

NRA Benefactor
I lost all my weapons in a boating, umm, accident.
http://www.aufamily.com/forums/
August 11, 2019, 02:05 PM
architect
Do not communicate over the phone, or even in e-mail. If you are serious in getting this resolved, paper is the only way that the record of who said what is going to be convincingly preserved. This is, and should be treated as, a serious security violation, but good luck trying to convince anyone non-technical of that without a paper trail.

Unless you have a written description of the scope of support responsibilities, you are probably wasting your time on anything retroactive. But you can certainly protect yourself going forward. It doesn't have to be a contract mod., a memorandum of understanding signed by both parties should be sufficient. After this is in place, you can change the admin. passwords on the equipment, etc. to protect your configuration.

Also, I'd recommend setting up a network monitoring system and pinging addresses outside the IPv4 ranges you want to use so you will know when someone has changed your DHCP scope. This may also help with long-term capacity analysis, and certainly speed recognition of and responses to service outages.
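
The monitoring idea in the post above, sketched as an added example that is not part of any post in this thread: it lists the addresses just past the approved pool for a monitor to ping, and flags live neighbours outside the approved scope. The subnet, pool start, static addresses and the `ip neigh show` sample are assumptions constructed for illustration.

```python
import ipaddress

# Assumed values for illustration: a /24 LAN, the approved 15-address pool,
# and two statically addressed devices (gateway, printer).
SUBNET = ipaddress.ip_network("192.168.1.0/24")
POOL_START = ipaddress.ip_address("192.168.1.100")
POOL_SIZE = 15
STATIC = {ipaddress.ip_address("192.168.1.1"),
          ipaddress.ip_address("192.168.1.10")}

# Constructed sample in the format printed by `ip neigh show` on Linux.
SAMPLE_NEIGH = """\
192.168.1.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.104 dev eth0 lladdr 00:11:22:33:44:66 STALE
192.168.1.121 dev eth0 lladdr 00:11:22:33:44:77 REACHABLE
192.168.1.130 dev eth0  FAILED
fe80::1 dev eth0 lladdr 00:11:22:33:44:55 router STALE
"""

def canary_addresses(count=5):
    """Addresses just past the approved pool; a reply from one means drift."""
    return [POOL_START + POOL_SIZE + i for i in range(count)]

def live_neighbors(neigh_output):
    """Yield (address, MAC) for IPv4 neighbours that resolved to a MAC."""
    for line in neigh_output.splitlines():
        fields = line.split()
        if "lladdr" not in fields or fields[-1] in ("FAILED", "INCOMPLETE"):
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address line
        if addr.version == 4 and addr in SUBNET:
            yield addr, fields[fields.index("lladdr") + 1]

def scope_drift(neigh_output):
    """Return live hosts that are neither in the approved pool nor static."""
    allowed = {POOL_START + i for i in range(POOL_SIZE)} | STATIC
    return sorted((a, mac) for a, mac in live_neighbors(neigh_output)
                  if a not in allowed)

if __name__ == "__main__":
    print("ping targets:", ", ".join(map(str, canary_addresses())))
    for addr, mac in scope_drift(SAMPLE_NEIGH):
        print(f"outside approved scope: {addr} ({mac})")
```

A hit outside the pool can also be a device someone addressed by hand, so treat it as a prompt to check the DHCP settings on the router.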
August 11, 2019, 02:21 PM
smschulz
quote:
Originally posted by stoic-one:
Tell them to put their modem/router in bridge mode and reinstall downstream equipment (router and wifi) only you manage, take them out of the loop.


^^^ this ^^^
August 11, 2019, 02:36 PM
still_bill
You also should have users contact your help desk (you) system for all these issues. That way you get to address all of these problems.
August 11, 2019, 03:02 PM
SPWAMike0317
Let's dial it back a notch.

1) You need to review the syslogs to determine who made the change. Most companies require ironclad proof that someone made an unauthorized change before taking action.
2) Read the ISP Terms and Conditions. The ISP guy changed settings on an ISP owned piece of equipment. That level of change could be authorized under the contract, especially if a non-IT person negotiated the contract.
3) As others have recommended, request bridge mode and install your own router/switches and wifi.
4) Expanding the DHCP pool from 15 to 40 isn't necessarily unrealistic. Printer, access points, laptops and cells add up pretty quick. Controlling your own network will allow you to adjust as needed.
5) At least talk to the ISP guy, two sides to every story. A good manager listens to both before taking action.



Let me help you out. Which way did you come in?
August 11, 2019, 05:18 PM
rusbro
quote:
Originally posted by smschulz:
quote:
Originally posted by stoic-one:
Tell them to put their modem/router in bridge mode and reinstall downstream equipment (router and wifi) only you manage, take them out of the loop.


^^^ this ^^^


This is what I do.
August 11, 2019, 07:55 PM
henryaz
quote:
Originally posted by rusbro:
quote:
Originally posted by smschulz:
quote:
Originally posted by stoic-one:
Tell them to put their modem/router in bridge mode and reinstall downstream equipment (router and wifi) only you manage, take them out of the loop.


^^^ this ^^^


This is what I do.

Same here. My CenturyLink VDSL modem/router is neutered to the point it is only a modem. All other services (routing, dhcp, wi-fi) are handled by devices within my LAN.



When in doubt, mumble
August 11, 2019, 07:57 PM
0-0
quote:
Originally posted by SPWAMike0317:
Let's dial it back a notch.

1) You need to review the syslogs to determine who made the change. Most companies require ironclad proof that someone made an unauthorized change before taking action.
2) Read the ISP Terms and Conditions. The ISP guy changed settings on an ISP owned piece of equipment. That level of change could be authorized under the contract, especially if a non-IT person negotiated the contract.
3) As others have recommended, request bridge mode and install your own router/switches and wifi.
4) Expanding the DHCP pool from 15 to 40 isn't necessarily unrealistic. Printer, access points, laptops and cells add up pretty quick. Controlling your own network will allow you to adjust as needed.
5) At least talk to the ISP guy, two sides to every story. A good manager listens to both before taking action.



Very good points here.

The ISP is the hardware owner. I/we haven't bridged the routers yet because the service is quite new and I didn't want to make it more complicated until we were satisfied about its reliability.
The phone company started offering FO internet quite recently and the whole service is quite new in all its aspects. Their help desk appears to be outsourced to Atento.com. Never heard of them.
If I were to complain, I would do it to the phone company.

The bridging etc. is no problem. Just didn't want to get into it until we were happy with the internet service and we are having some issues at present.

The ISP modem/router has a barebones interface. Crap.

0-0

On my side of the table, nobody but me could care less. They don't know, understand, care or would like to hear about it.


"OP is a troll" - Flashlightboy, 12/18/20
August 12, 2019, 11:15 AM
zoom6zoom
quote:
We don't keep servers locked in a special room so anyone can play with them remotely and unsupervised.

They don't necessarily need to be physically locked up. But nobody should have admin level passwords except yourself and anyone you delegate.




I have my own style of humor. I call it Snarkasm.