I work in the IT group for a small company and I've been doing some security learning/practicing on the side and have used my work network as the guinea pig. They don't know I've done any of this and I believe aren't too concerned with how secure the network is right now from hackers/crackers. I've gotten to the point where anything I do beyond where I am now could be or would be illegal without consent from the company. I want to write up a report on my findings, simple yet concise, but I don't know where to start or how to begin. Any ideas would be great.

Before you present your findings to the "powers that be" I suggest that you actually MONITOR your connection and log any suspicious activity. When you present your ideas for beefing up security, it will help your argument significantly if you can demonstrate that there IS a potential problem and if you can do it in such a way that the evidence is undeniable, while the amount of time that they perceive was SPENT on this research is minimal.

Be very very careful. The fact that you have already done some "learning/practicing" on your own without their specific consent could be grounds for dismissal! Really depends on your relationship with your employer and their corporate culture.

By all means, stop before you proceed any further. You don't want to end up un-employed or in jail because someone mistook your good intentions for something else.

Talk to your manager. Tell him that you are interested in network security, and what you suspect. Ask him if it would be appropriate for you (ie: get permission) to investigate your opinions and provide a report on your findings with suggestions on how to improve the situation.

Ask him the level of detail he would like you to go into, and the format he would like to see. He's more likely to support the idea and the items presented if you involve him/her in the process.

Our schools computer systems are really NOT-SECURE. What have I done? I took (yes, thats right, I took) passwords and usernames that where in the system (uncrypted), checked that they worked, etc. and then went to the guys that should manage the damm system.

They where puzzled. There are just so many other holes in our schools system that.... Oh dear... and every now and then it gets hacked. I have tryed to warn them from time to time but they dont listen.

So, my advice: dont expect them to understand or listen, and dont expect that they know ANYTHING about the system/security even they had what sort of education.

Markus