[Full-disclosure] Hotel Network Security: A Study of Computer Networks in U.S. Hotels

[Josh Ogle <jdo24@xxxxxxxxxxx>]

Hey guys,

I recently completed a research paper through Cornell concerning the 
security of hotel computer networks across the US.  I cite this mailing 
list in it.  If you all have any criticism or input (or an open position 
at your workplace?  I'm a jobless new graduate!), I'd love to be in 
contact.  You can find the paper here: 
http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html
 
(registration required, sorry)

Executive Summary: A study of 147 U.S. hotels finds a mixed picture with 
regard to the security of guests’ connections to the hotels’ network, 
whether by cable or Wi-Fi. Since many business travelers connect 
remotely to continue working while on the road, the potential for theft 
of corporate information exists. Some hotels still rely on relatively 
rudimentary hub technology for their networks, and these are 
particularly subject to hacking. Others have upgraded to more secure 
switches or routers. Even better is encryption for Wi-Fi connections, 
but that still does not prevent malicious users from intercepting 
guests’ transmissions. An example of a best practice is presented in the 
case of the W Dallas Hotel—Victory, which has set up virtual local area 
networks (VLANs) for all of its users. The VLAN inhibits attackers from 
using their computer to imitate the hotel’s main server, which is the 
mechanism most would use to intercept other people’s data. Given that 
the technology exists to increase a hotel network’s security, a hotel 
could potentially be considered at fault for not taking the necessary 
precautions to protect their guests from hackers.

-Josh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/