Solved

Hotel Internet Network Security - what is normal?

Posted on 2004-10-06
12
446 Views
Last Modified: 2013-11-16
I have a laptop which is part of an MSHOME workgroup in my Home Ethernet. I recently stayed at a hotel where I hooked up my laptop to the internet through their Ethernet connection. When I clicked onto network connections and then view-workgroup-computers, I can see other computers that apparently seem to be using the internet as well. A double click on these network places (other customer computers) shows all the folders those Internet users are sharing (here my guess is that this is because their workgroup is named the same). Here some share their entire computer without a password.

Now my question is, is this:
To me it seems that this is a major security risk, the hotel is exposing its customers to, even though it requires the customers to share folders to make unauthorized access possible. Is this true or is there nothing the hotel can do/should do to prevent these authorized access to shared folders.

What does the hotel need to do to block this? And is such a setting like this hotel has common or normal? This is a very well respected 5 star hotel which accomodates some of the most rich/famous people.
0
Comment
Question by:mobile1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +3
12 Comments
 
LVL 2

Expert Comment

by:kitisak
ID: 12245406
I think it depends on staffs's awareness. If they think customer's information is very important, they should secure. But you have to think about if you secure everything, it can make customer can't access internet.

PS. customers have to protect themselves first.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12245514
Yep, welcome to Windoze, where pretty much anyone can see anything on your machine, should you be foolish enuf to hook it to a public network (like a hotel's guest net).

From the hotel's standpint, they provide you with connectivity. Its up to you to use it properly. The electricity in the wall sockets is a risk too, if you're foolish enuf to go sticking your car key into the little slot. As kitisak says, its up to the customer to protect themselves.

Me, I wouldn't get a Windoze PC anywhere near a hotel Ethernet port. Not even with XP SP2. You're asking for it to be h4x3d and 0wn3d by Little Johnny in Room 317.
0
 
LVL 3

Accepted Solution

by:
jasef earned 125 total points
ID: 12245876
Hi mobile1,
Thats a good question. The hotel is providing an Internet connection through a shared switch by the sounds of it.  It probably is fairly normal really, but whether it should or shouldn't be probably comes down to their usage policy.
From one perspective, the hotel is just providing a service. Whether individuals machines are secure or not is up to them. On the other hand, the average Joe doesn't know any of these things.
The hotel should NOT need users to share folders to provide internet acccess, and if they instruct users to do so this would be wrong IMO.
There are several things they could do to ensure clients security (if they wanted) without making the connection process more difficult (such as VLAN each room, or keep the connections physically different, or filter what data is allowed outbound to what IPs (firewalling)). On the other hand, depending on the setup, a determined and skilled hacker could possibly gain access anyway if the client machine has weak passwords or any number of vulnerabilities etc.

Cheers!
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:Hypoviax
ID: 12246158
Room 1337 actually PsiCop to follow your example
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12246747
> ..  it seems that this is a major security risk, the hotel is exposing its customers ..
wrong statement! Should be:
       it seems that the customers are exposing their shares in the hotel, which is a major risk (for them)

> 1337
and probably 31337 to ;-)
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12246839
ahoffmann - yeah, that too, but i think 1337 is the newer way ;-)
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12249096
*chuckle* Yeah, I forgot that. Room 1337 it is! :-)
0
 

Author Comment

by:mobile1
ID: 12249967
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? b) How can this be prevented? (blocking a certain port?)
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12250318
a) Yes, as long as people use fundamentally insecure OSes like Windoze, and fail to secure them (to the extent that can be secured(

b) By the proliferation of alternative OSes that are not fundamentally insecure. As a hotel, I would not want to get into port-blocking, at least not in the US. Why? Common-carrier status. The less I regulate, the less liability I have. I attempt to regulate and I tell customers "I provide a secure environment" and they hook their computer to my network (and remember, I have NO idea what is on their computer or how stupidly it might be configured) and Little Johnny in Room 1337 h4x and 0wnz them, they are going to be coming to ME ask asking why I let them get nailed, since I promised them a "secure" environment (VLANs are *not* security). If I take the "common-carrier" approach, all the responsibility and LIABILITY is on them. If they have a vulnerable OS and/or stupid configuration, and they get nailed, well, mebbe they'll learn that have a vulnerable OS and/or a stupid config and change those things. Mebbe not. But I've got an easy way to see the inevitable lawsuit gets dismissed.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12253860
mobile1, please read my comment (and most other too:) again:
  this is a problem of each customer, not the hotel (or whatever)
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12253988
In my opinion, if the hotel allows users to connect to their network the hotel should give each customer a disclaimer and a brochure on the risks assciated with using such a network. They should include such things as turning on a firewall, desharing shared folders and updating their antivirus software. Although it is not their responsibility they have a duty of care and should, as good business practise, alert users to the risks associated and any measures that could be taken to prevent or minimise these risks.

Regards,

Hypoviax
0
 
LVL 3

Expert Comment

by:jasef
ID: 12255878
Comment from mobile1
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? It is not unusual

b) How can this be prevented? (blocking a certain port?)
The presentation of this question suggests you don't understand the basics of firewalling. Further interest in this line of questioning is probably best answered by considerable research or a course.  Many of the concepts are still rather complex and take time to digest (I've been working IT for 8 years and still have a lot to learn in regards to security which has been my specialisation for a year or so now). Some of the others might have some handy links, otherwise go to Zone Alarms or one of the other desktop firewall manufacturers; A lot of them have some great basic info such as you're after. That said

Technical Answer (A little outdated, but...):
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfc_por_SIMW.asp

Easy Answer:
Removing 'File & Printer Sharing' and Activating the Windows XP basic firewall will do the basics (This essentially blocks any inbound (non-established) traffic to any port).
What other experts are saying here is that even when you block these ports, the many flaws in Windows design that keep coming out often leave your machine vulnerable even when you ARE firewalling the right ports in the right way.

If you want REAL security, Tiny Personal Firewall 6 is about as good as it gets for a Windows desktop firewall IMO. It's protects not only the basic IP ports and protocols & IDS etc, but also the integrity of your system (DLL/COM Access, Application Spawning, File, Registry Access etc).  Downside is it takes time to configure.
0

Featured Post

Raise the IQ of Your IT Alerts

From IT major incidents to manufacturing line slowdowns, every business process generates insights that need to reach the people required to take action. You need a platform that integrates with your business tools to create fully enabled DevOps toolchains.

You need xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others.  This conference is aimed mainly at government agencies.  So it addresses the various compli…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

687 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question