Full Disclosure mailing list archives

Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels

From: "James Matthews" <nytrokiss () gmail com>
Date: Thu, 2 Oct 2008 10:18:39 -0700

Every time i go stay at a hotel i test the security. Most of the time it
sucks! I like what the hotel in Dallas is doing but how many times am i in
Dallas? I just use a mobile 3g card.

On Thu, Oct 2, 2008 at 9:29 AM, Josh Ogle <jdo24 () cornell edu> wrote:

I agree with you that if employees (of non-hotels, I believe you mean)
were instructed as to the best, safest ways to take care of their own
privacy while on the road traveling, this would be a non-issue.
However, it's far more difficult to get every single company in the
world with a traveling salesperson to instruct their non-techie
employees on the dangers of computer networks, than it is to simply set
in place technologies *on* those networks that will help prevent the
attacks from being able to occur.  You'll notice, however, in the
article I have (on the last page) a "clip out" of sorts to give to hotel
guests, informing them of ways to keep themselves safe while on computer
networks.

Secondly, and I'm not sure as to the importance of this point but it
means something to me, I think people go to hotels with an assumption of
security.  If a hotel (especially a "good" one) is in a bad
neighborhood, you expect it will be supervised by a night
watchman/doorman.  You expect that if you close the door to your hotel
room, there will be a lock on it that you can close so that no one can
get in easily.  Someone could still break in if they hit the door with
an axe enough times, but the layer of protection is there nonetheless.

Likewise, I think it's a general assumption, albeit a false one, that
hotel computer networks are inherently secure.  Even those people who
know that wireless access points are sometimes unsafe do not realize
that plugging one's computer into a network physically is oftentimes
just as insecure.  The point being that people have a reasonably
assumption of privacy and security in the hotel environment, and I think
it's the hotels' responsibility to either a) uphold this, or b) be very
clear that they are NOT upholding this, and that the computer network is
very likely unsafe.

-Josh

J. Oquendo wrote:

On Thu, 02 Oct 2008, Josh Ogle wrote:

the technology exists to increase a hotel network?s security, a hotel
could potentially be considered at fault for not taking the necessary
precautions to protect their guests from hackers.


FYI, just because the technology exists does not mean
hoteliers have to run out and accomodate everyone in
deploying these technologies. If employees were trained
in the risks associated with technology, many of these
technologies would go the way of the dinosaur.

Supposing someone made you aware of the danger of
logging into a network because of the impact of
sniffers. Would you PERSONALLY be cruising random
hotspots. If you knew definitively the person who
runs the network could see and record everything
you did, I'm sure the chances of you picking up
any network to surf on would diminish.

Many people aren't aware of the dangers and this
is the root of the problem. Technology is nothing
more than a stepping stone. Corporations have the
capabilities (or should have) to protect their
assets on a layered approach and instances like
this - employees hooking up from a hotel - can be
mitigated way before the fact. Its called policy.



=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, CNDA, CHFI, OSCP

"A good district attorney can indict a ham sandwich
if he wants to ... The accusations harm as much as
the convictions ... they're obviously harmful or it
wouldn't be news.." - John Carter

wget -qO - www.infiltrated.net/sig|perl<http://www.infiltrated.net/sig%7Cperl>

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/




-- 
http://www.goldwatches.com/

http://www.jewelerslounge.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Hotel Network Security: A Study of Computer Networks in U.S. Hotels Josh Ogle (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels J. Oquendo (Oct 02)
  - Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels Josh Ogle (Oct 02)
    - Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels James Matthews (Oct 02)