NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > InfoSec News> current

[ISN] Beware of hotel Internet connections

From: InfoSec News (alertsinfosecnews.org)
Date: Mon Oct 06 2008 - 01:20:17 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.gcn.com/online/vol1_no1/47290-1.html

By Joab Jackson
GCN.com
10/03/08

Jetsetting federal workers should be careful about how they use the
Internet connections supplied by hotels, as most are not secured
properly, according to a new study from the Cornell University School of
Hotel Administration.

"[H]otels in the U.S. are generally ill-prepared to protect their guests
from network security issues," concluded the study [1], titled "Hotel
Network Security: A Study of Computer Networks in U.S. Hotels."

One hundred forty-seven hotels responded to a written survey sent out by
the researchers, asking about each hotel's network infrastructure. In
addition, the researchers paid a visit to 46 hotels in person in order
to surreptitiously scan their networks. The hotels surveyed ranged from
family-oriented hotels to those serving more of a business clientele.

They had found that 20 percent of hotel networks use simple hub
topologies, in which every packet from every user gets broadcast to
every other user. This is an unsecured network, the researchers warned.

"The key problem with a hub is that it simply repeats any information
that is sent to it. ... In an ideal situation, only the transmissions
that are associated with your computer would come back to you," the
report states. An interloper could simply set his network card to save
all the packets it is sent, not merely those designated to go to that
computer's address.

[1] http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html

[...]

__________________________________________________
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!
http://conference.hackinthebox.org/hitbsecconf2008kl/

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]