Solved

Hotel Internet Network Security - what is normal?

Posted on 2004-10-06
12
439 Views
Last Modified: 2013-11-16
I have a laptop which is part of an MSHOME workgroup in my Home Ethernet. I recently stayed at a hotel where I hooked up my laptop to the internet through their Ethernet connection. When I clicked onto network connections and then view-workgroup-computers, I can see other computers that apparently seem to be using the internet as well. A double click on these network places (other customer computers) shows all the folders those Internet users are sharing (here my guess is that this is because their workgroup is named the same). Here some share their entire computer without a password.

Now my question is, is this:
To me it seems that this is a major security risk, the hotel is exposing its customers to, even though it requires the customers to share folders to make unauthorized access possible. Is this true or is there nothing the hotel can do/should do to prevent these authorized access to shared folders.

What does the hotel need to do to block this? And is such a setting like this hotel has common or normal? This is a very well respected 5 star hotel which accomodates some of the most rich/famous people.
0
Comment
Question by:mobile1
  • 3
  • 3
  • 2
  • +3
12 Comments
 
LVL 2

Expert Comment

by:kitisak
ID: 12245406
I think it depends on staffs's awareness. If they think customer's information is very important, they should secure. But you have to think about if you secure everything, it can make customer can't access internet.

PS. customers have to protect themselves first.
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12245514
Yep, welcome to Windoze, where pretty much anyone can see anything on your machine, should you be foolish enuf to hook it to a public network (like a hotel's guest net).

From the hotel's standpint, they provide you with connectivity. Its up to you to use it properly. The electricity in the wall sockets is a risk too, if you're foolish enuf to go sticking your car key into the little slot. As kitisak says, its up to the customer to protect themselves.

Me, I wouldn't get a Windoze PC anywhere near a hotel Ethernet port. Not even with XP SP2. You're asking for it to be h4x3d and 0wn3d by Little Johnny in Room 317.
0
 
LVL 3

Accepted Solution

by:
jasef earned 125 total points
ID: 12245876
Hi mobile1,
Thats a good question. The hotel is providing an Internet connection through a shared switch by the sounds of it.  It probably is fairly normal really, but whether it should or shouldn't be probably comes down to their usage policy.
From one perspective, the hotel is just providing a service. Whether individuals machines are secure or not is up to them. On the other hand, the average Joe doesn't know any of these things.
The hotel should NOT need users to share folders to provide internet acccess, and if they instruct users to do so this would be wrong IMO.
There are several things they could do to ensure clients security (if they wanted) without making the connection process more difficult (such as VLAN each room, or keep the connections physically different, or filter what data is allowed outbound to what IPs (firewalling)). On the other hand, depending on the setup, a determined and skilled hacker could possibly gain access anyway if the client machine has weak passwords or any number of vulnerabilities etc.

Cheers!
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12246158
Room 1337 actually PsiCop to follow your example
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12246747
> ..  it seems that this is a major security risk, the hotel is exposing its customers ..
wrong statement! Should be:
       it seems that the customers are exposing their shares in the hotel, which is a major risk (for them)

> 1337
and probably 31337 to ;-)
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12246839
ahoffmann - yeah, that too, but i think 1337 is the newer way ;-)
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 34

Expert Comment

by:PsiCop
ID: 12249096
*chuckle* Yeah, I forgot that. Room 1337 it is! :-)
0
 

Author Comment

by:mobile1
ID: 12249967
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? b) How can this be prevented? (blocking a certain port?)
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 12250318
a) Yes, as long as people use fundamentally insecure OSes like Windoze, and fail to secure them (to the extent that can be secured(

b) By the proliferation of alternative OSes that are not fundamentally insecure. As a hotel, I would not want to get into port-blocking, at least not in the US. Why? Common-carrier status. The less I regulate, the less liability I have. I attempt to regulate and I tell customers "I provide a secure environment" and they hook their computer to my network (and remember, I have NO idea what is on their computer or how stupidly it might be configured) and Little Johnny in Room 1337 h4x and 0wnz them, they are going to be coming to ME ask asking why I let them get nailed, since I promised them a "secure" environment (VLANs are *not* security). If I take the "common-carrier" approach, all the responsibility and LIABILITY is on them. If they have a vulnerable OS and/or stupid configuration, and they get nailed, well, mebbe they'll learn that have a vulnerable OS and/or a stupid config and change those things. Mebbe not. But I've got an easy way to see the inevitable lawsuit gets dismissed.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 12253860
mobile1, please read my comment (and most other too:) again:
  this is a problem of each customer, not the hotel (or whatever)
0
 
LVL 5

Expert Comment

by:Hypoviax
ID: 12253988
In my opinion, if the hotel allows users to connect to their network the hotel should give each customer a disclaimer and a brochure on the risks assciated with using such a network. They should include such things as turning on a firewall, desharing shared folders and updating their antivirus software. Although it is not their responsibility they have a duty of care and should, as good business practise, alert users to the risks associated and any measures that could be taken to prevent or minimise these risks.

Regards,

Hypoviax
0
 
LVL 3

Expert Comment

by:jasef
ID: 12255878
Comment from mobile1
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? It is not unusual

b) How can this be prevented? (blocking a certain port?)
The presentation of this question suggests you don't understand the basics of firewalling. Further interest in this line of questioning is probably best answered by considerable research or a course.  Many of the concepts are still rather complex and take time to digest (I've been working IT for 8 years and still have a lot to learn in regards to security which has been my specialisation for a year or so now). Some of the others might have some handy links, otherwise go to Zone Alarms or one of the other desktop firewall manufacturers; A lot of them have some great basic info such as you're after. That said

Technical Answer (A little outdated, but...):
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/Default.asp?url=/resources/documentation/windows/2000/server/reskit/en-us/cnet/cnfc_por_SIMW.asp

Easy Answer:
Removing 'File & Printer Sharing' and Activating the Windows XP basic firewall will do the basics (This essentially blocks any inbound (non-established) traffic to any port).
What other experts are saying here is that even when you block these ports, the many flaws in Windows design that keep coming out often leave your machine vulnerable even when you ARE firewalling the right ports in the right way.

If you want REAL security, Tiny Personal Firewall 6 is about as good as it gets for a Windows desktop firewall IMO. It's protects not only the basic IP ports and protocols & IDS etc, but also the integrity of your system (DLL/COM Access, Application Spawning, File, Registry Access etc).  Downside is it takes time to configure.
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Use of TCL script on Cisco devices:  - create file and merge it with running configuration to apply configuration changes
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now