| HN Mirror

Oh don't get me wrong. UniFi and central management can be great if your on actively managed IT infrastructure. That is to say, you pay someone a monthly fee to keep your stuff configured, monitored and working. But where I live, most of these installs are at rural businesses or properties where IT only gets called when things go wrong. These are exactly the wrong place to put managed infrastructure. It can be years between problems and rarely are the same techs even in the area when the next call comes around. Which is exactly why I was able to crack the DB in the first place, it was an out of date V6 install of the controller using a unsecured mongodb. Took me about 20 minutes of googling to find out how to do it when I used the right key words/after I'd figured out what was wrong (someone plugged in a router with DHCP enabled upstream of all the p2p wifi nodes but downstream from the unifi security gateway, the router got flagged as trying to provide/hijack dhcp and unifi blocked that port it seems, killing all the p2p wifi with it, honestly not a bad response from unifi hardware but a nightmare for your joe blog tech who doesnt really have much experience with network problem solving).

I advocate certain clients towards centrally managed systems, but for most of these clients who aren't interested in a regular checkup or business agreement with an IT provider I generally put them on un-managed setups with at least 2x USB devices with copies of config on-site and a printout of what the setup and network layout is. This is in-case I'm not here the next time they need work done or in case I do come back and don't want to spend a day deciphering their setup again. All cloud services are disable, no external log-in from outside of the site allowed. I leave the main modem/ISP connected router ideally up to the ISP they are getting internet services from and build everything downstream from that. Auto-update set to on. I've got multiple p2p and p2mp wireless networks at properties all around the region that haven't had a tech on-site for 4+ years and they won't until something breaks or the protocol their operating on gets too slow for user requirements which I would expect is another 4+ years at least because mikrotik wifi is rock solid when its setup manually and correctly.

Security is less of a worry. I mean honestly if your willing to drive out to the middle of nowhere to war-drive and crack the passwords and get into their network...hell you probably deserve to get some internet and check ya emails for the effort you've put in. They'll probably see your vehicle while your doing it and invite you in for a cuppa and give you the password anyways.