[ISN] Beware of hotel Internet connections

From: InfoSec News <alerts_at_private>
Date: Mon, 6 Oct 2008 01:20:17 -0500 (CDT)

By Joab Jackson

Jetsetting federal workers should be careful about how they use the 
Internet connections supplied by hotels, as most are not secured 
properly, according to a new study from the Cornell University School of 
Hotel Administration.

"[H]otels in the U.S. are generally ill-prepared to protect their guests 
from network security issues," concluded the study [1], titled "Hotel 
Network Security: A Study of Computer Networks in U.S. Hotels."

One hundred forty-seven hotels responded to a written survey sent out by 
the researchers, asking about each hotel's network infrastructure. In 
addition, the researchers paid a visit to 46 hotels in person in order 
to surreptitiously scan their networks. The hotels surveyed ranged from 
family-oriented hotels to those serving more of a business clientele.

They had found that 20 percent of hotel networks use simple hub 
topologies, in which every packet from every user gets broadcast to 
every other user. This is an unsecured network, the researchers warned.

"The key problem with a hub is that it simply repeats any information 
that is sent to it. ... In an ideal situation, only the transmissions 
that are associated with your computer would come back to you," the 
report states. An interloper could simply set his network card to save 
all the packets it is sent, not merely those designated to go to that 
computer's address.

[1] http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Sun Oct 05 2008 - 23:20:17 PDT

This archive was generated by hypermail 2.2.0 : Sun Oct 05 2008 - 23:31:50 PDT