Full Disclosure mailing list archives
Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels
From: Josh Ogle <jdo24 () cornell edu>
Date: Thu, 02 Oct 2008 12:29:51 -0400
I agree with you that if employees (of non-hotels, I believe you mean) were instructed as to the best, safest ways to take care of their own privacy while on the road traveling, this would be a non-issue. However, it's far more difficult to get every single company in the world with a traveling salesperson to instruct their non-techie employees on the dangers of computer networks, than it is to simply set in place technologies *on* those networks that will help prevent the attacks from being able to occur. You'll notice, however, in the article I have (on the last page) a "clip out" of sorts to give to hotel guests, informing them of ways to keep themselves safe while on computer networks. Secondly, and I'm not sure as to the importance of this point but it means something to me, I think people go to hotels with an assumption of security. If a hotel (especially a "good" one) is in a bad neighborhood, you expect it will be supervised by a night watchman/doorman. You expect that if you close the door to your hotel room, there will be a lock on it that you can close so that no one can get in easily. Someone could still break in if they hit the door with an axe enough times, but the layer of protection is there nonetheless. Likewise, I think it's a general assumption, albeit a false one, that hotel computer networks are inherently secure. Even those people who know that wireless access points are sometimes unsafe do not realize that plugging one's computer into a network physically is oftentimes just as insecure. The point being that people have a reasonably assumption of privacy and security in the hotel environment, and I think it's the hotels' responsibility to either a) uphold this, or b) be very clear that they are NOT upholding this, and that the computer network is very likely unsafe. -Josh J. Oquendo wrote:
On Thu, 02 Oct 2008, Josh Ogle wrote:the technology exists to increase a hotel network?s security, a hotel could potentially be considered at fault for not taking the necessary precautions to protect their guests from hackers.FYI, just because the technology exists does not mean hoteliers have to run out and accomodate everyone in deploying these technologies. If employees were trained in the risks associated with technology, many of these technologies would go the way of the dinosaur. Supposing someone made you aware of the danger of logging into a network because of the impact of sniffers. Would you PERSONALLY be cruising random hotspots. If you knew definitively the person who runs the network could see and record everything you did, I'm sure the chances of you picking up any network to surf on would diminish. Many people aren't aware of the dangers and this is the root of the problem. Technology is nothing more than a stepping stone. Corporations have the capabilities (or should have) to protect their assets on a layered approach and instances like this - employees hooking up from a hotel - can be mitigated way before the fact. Its called policy. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, CNDA, CHFI, OSCP "A good district attorney can indict a ham sandwich if he wants to ... The accusations harm as much as the convictions ... they're obviously harmful or it wouldn't be news.." - John Carter wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Hotel Network Security: A Study of Computer Networks in U.S. Hotels Josh Ogle (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels J. Oquendo (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels Josh Ogle (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels James Matthews (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels Josh Ogle (Oct 02)
- Re: Hotel Network Security: A Study of Computer Networks in U.S. Hotels J. Oquendo (Oct 02)