Hotel Internet Network Security - what is normal?

I have a laptop which is part of an MSHOME workgroup in my Home Ethernet. I recently stayed at a hotel where I hooked up my laptop to the internet through their Ethernet connection. When I clicked onto network connections and then view-workgroup-computers, I can see other computers that apparently seem to be using the internet as well. A double click on these network places (other customer computers) shows all the folders those Internet users are sharing (here my guess is that this is because their workgroup is named the same). Here some share their entire computer without a password.

Now my question is, is this:
To me it seems that this is a major security risk, the hotel is exposing its customers to, even though it requires the customers to share folders to make unauthorized access possible. Is this true or is there nothing the hotel can do/should do to prevent these authorized access to shared folders.

What does the hotel need to do to block this? And is such a setting like this hotel has common or normal? This is a very well respected 5 star hotel which accomodates some of the most rich/famous people.
Who is Participating?

Improve company productivity with a Business Account.Sign Up

jasefConnect With a Mentor Commented:
Hi mobile1,
Thats a good question. The hotel is providing an Internet connection through a shared switch by the sounds of it.  It probably is fairly normal really, but whether it should or shouldn't be probably comes down to their usage policy.
From one perspective, the hotel is just providing a service. Whether individuals machines are secure or not is up to them. On the other hand, the average Joe doesn't know any of these things.
The hotel should NOT need users to share folders to provide internet acccess, and if they instruct users to do so this would be wrong IMO.
There are several things they could do to ensure clients security (if they wanted) without making the connection process more difficult (such as VLAN each room, or keep the connections physically different, or filter what data is allowed outbound to what IPs (firewalling)). On the other hand, depending on the setup, a determined and skilled hacker could possibly gain access anyway if the client machine has weak passwords or any number of vulnerabilities etc.

I think it depends on staffs's awareness. If they think customer's information is very important, they should secure. But you have to think about if you secure everything, it can make customer can't access internet.

PS. customers have to protect themselves first.
Yep, welcome to Windoze, where pretty much anyone can see anything on your machine, should you be foolish enuf to hook it to a public network (like a hotel's guest net).

From the hotel's standpint, they provide you with connectivity. Its up to you to use it properly. The electricity in the wall sockets is a risk too, if you're foolish enuf to go sticking your car key into the little slot. As kitisak says, its up to the customer to protect themselves.

Me, I wouldn't get a Windoze PC anywhere near a hotel Ethernet port. Not even with XP SP2. You're asking for it to be h4x3d and 0wn3d by Little Johnny in Room 317.
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

Room 1337 actually PsiCop to follow your example
> ..  it seems that this is a major security risk, the hotel is exposing its customers ..
wrong statement! Should be:
       it seems that the customers are exposing their shares in the hotel, which is a major risk (for them)

> 1337
and probably 31337 to ;-)
ahoffmann - yeah, that too, but i think 1337 is the newer way ;-)
*chuckle* Yeah, I forgot that. Room 1337 it is! :-)
mobile1Author Commented:
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? b) How can this be prevented? (blocking a certain port?)
a) Yes, as long as people use fundamentally insecure OSes like Windoze, and fail to secure them (to the extent that can be secured(

b) By the proliferation of alternative OSes that are not fundamentally insecure. As a hotel, I would not want to get into port-blocking, at least not in the US. Why? Common-carrier status. The less I regulate, the less liability I have. I attempt to regulate and I tell customers "I provide a secure environment" and they hook their computer to my network (and remember, I have NO idea what is on their computer or how stupidly it might be configured) and Little Johnny in Room 1337 h4x and 0wnz them, they are going to be coming to ME ask asking why I let them get nailed, since I promised them a "secure" environment (VLANs are *not* security). If I take the "common-carrier" approach, all the responsibility and LIABILITY is on them. If they have a vulnerable OS and/or stupid configuration, and they get nailed, well, mebbe they'll learn that have a vulnerable OS and/or a stupid config and change those things. Mebbe not. But I've got an easy way to see the inevitable lawsuit gets dismissed.
mobile1, please read my comment (and most other too:) again:
  this is a problem of each customer, not the hotel (or whatever)
In my opinion, if the hotel allows users to connect to their network the hotel should give each customer a disclaimer and a brochure on the risks assciated with using such a network. They should include such things as turning on a firewall, desharing shared folders and updating their antivirus software. Although it is not their responsibility they have a duty of care and should, as good business practise, alert users to the risks associated and any measures that could be taken to prevent or minimise these risks.


Comment from mobile1
Now what about my question? a) is this normal that I can access other peoples shared folders on a hotel network? It is not unusual

b) How can this be prevented? (blocking a certain port?)
The presentation of this question suggests you don't understand the basics of firewalling. Further interest in this line of questioning is probably best answered by considerable research or a course.  Many of the concepts are still rather complex and take time to digest (I've been working IT for 8 years and still have a lot to learn in regards to security which has been my specialisation for a year or so now). Some of the others might have some handy links, otherwise go to Zone Alarms or one of the other desktop firewall manufacturers; A lot of them have some great basic info such as you're after. That said

Technical Answer (A little outdated, but...):

Easy Answer:
Removing 'File & Printer Sharing' and Activating the Windows XP basic firewall will do the basics (This essentially blocks any inbound (non-established) traffic to any port).
What other experts are saying here is that even when you block these ports, the many flaws in Windows design that keep coming out often leave your machine vulnerable even when you ARE firewalling the right ports in the right way.

If you want REAL security, Tiny Personal Firewall 6 is about as good as it gets for a Windows desktop firewall IMO. It's protects not only the basic IP ports and protocols & IDS etc, but also the integrity of your system (DLL/COM Access, Application Spawning, File, Registry Access etc).  Downside is it takes time to configure.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.