conkyjoe
TUG Member
Gosh, I've been reading several treads this week about wireless access at various resort properties. I am concerned about how safe any public, hotel or resort network is. Don't be fooled to believe that the network you are on is safe just because of a "hotel brand name".
Crimeware is a multimillion dollar industry and not science fiction. It's "for real". I do not wish to claim that any one Hotel Brand has a more secure network than any other. You should assume that any network you connect to while traveling is "open game" for hackers.
From what I understand most hotels and resorts don’t really spend the time and energy to secure the networks you'll be using while vacationing. Most vacation travelers are also not very informed about how to secure the data on their own computers.
As a result there is a bonanza of exposed systems available for any hacker that has a laptop and minimal skills to exploit an unsecured laptop (hopefully not yours). It is possible at many hotels or resorts to collect documents published in your shared folders right off of your computer, without you even knowing.
Couple of reasons. First, resorts don't typically seperate their guest LANs – meaning that everyone on the same segment may get across the entire network. This goes for wired and wireless access. A wireless hacker can sit in the parking lot near the facility and potentially gain access to the entire hotel/resort LAN. Most hotels or resorts don't invest in the type of expensive switching hardware to mitigate or prevent this possibility.
Second, many resorts don’t understand their own Internet connectivity, they may provide little beyond the kind of consumer-grade access that you use at your home. As unbelievable as it sounds, some even have little or no protection on their Internet connection within the facility.
Third, most laptop travelers don’t utilize any form of personal firewall and if they do, they don’t have them configured to hide themselves from guests who know how to open Windows Network Neighborhood and hunt around for open file shares. Within a minute or two, your computer can be an open book with any file shares you have published, exposed.
Finally, there are hotspots known as “evil twins”. These clone wireless networks run by malicious entities that use socal engineering and common names for the unsuspecting traveler to login to. You believe you are logging into the resort network, but it is "spoofed". Just pop in your credit card to get started and it's too late. There is no "recind within 7 days" on that transaction.
Most people are not aware of how poor wireless security can be.
Spend some time making sure your own laptop is properly configured. If you don’t have a personal firewall on it, buy one or download one. Zone Alarm is very popular with Windows and it works very well. The next time you travel, if you must bring your computer (to watch a DVD movie on the flight for example) keep it "off of the network" while you are at the resort. Use the opportunity to use computers in the Resorts business center to get to on email instead. Resist the temptation to take your laptop to the pool to do wireless "anything" .
Here are some other tips if you "must" take your computer with you on your vacation and get on the internet:
Turn-off your wireless adapter
Turn-off or block file sharing (and all other network services) on interfaces used for broadband access
Enable Windows Firewall or (preferably) install a third-party personal firewall
Use file encryption, available in Windows XP Professional and other products
Choose strong passwords with upper/lowercase letters and at least one numeric value.
Use a VPN client
Choose public Wi-Fi access that provides enhanced security services. Does Starwood Turbonet provide enhanced security sevices? Maybe we should find out?
Connect only to known SSIDs, using WPA/802.1X to verify the server's certificate
Disable ad-hoc mode and automated connection to non-preferred SSIDs
Use a host intrusion detection agent to detect/prevent risky connections, including bridging between wireless and wired interfaces.
If these recommendations are too "geeky" for you to understand, then to be on the safe side, use the computers in the business center or guest services to communcate over the internet. Don't let your computer get compromised while you are on vacation by assuming the network you are using is secure.
Personally, I am not a fan of Wireless connectivity. Less is more, I enjoy leaving my expenive "high-tech" toys at home when on vacation. Some resorts any many hotels have guest services computers or business centers for a reasonble fee, some are even free.
If you want to watch a DVD movie on the flight some airlines provide rentals DVD players on the flight. That's a nice alternative instead of taking your laptop exclusivly for that purpose.
Have you ever heard of a "keylogger"?
If not, here are close to 6,990,000 hits on Google to explain how they work, how to get one for "free" and how to put them on other peoples computers.
http://www.google.com/search?hl=en&q=keylogger
Be very careful when you put your property on someone elses network.
If you own a Mac laptop then the problem isn't as prevelent, "yet". It's just a matter of time before the marketshare will drive the crimeware investment.
I know this sounds scarey, it should, because it is. Know how to protect your data before you travel.
Crimeware is a multimillion dollar industry and not science fiction. It's "for real". I do not wish to claim that any one Hotel Brand has a more secure network than any other. You should assume that any network you connect to while traveling is "open game" for hackers.
From what I understand most hotels and resorts don’t really spend the time and energy to secure the networks you'll be using while vacationing. Most vacation travelers are also not very informed about how to secure the data on their own computers.
As a result there is a bonanza of exposed systems available for any hacker that has a laptop and minimal skills to exploit an unsecured laptop (hopefully not yours). It is possible at many hotels or resorts to collect documents published in your shared folders right off of your computer, without you even knowing.
Couple of reasons. First, resorts don't typically seperate their guest LANs – meaning that everyone on the same segment may get across the entire network. This goes for wired and wireless access. A wireless hacker can sit in the parking lot near the facility and potentially gain access to the entire hotel/resort LAN. Most hotels or resorts don't invest in the type of expensive switching hardware to mitigate or prevent this possibility.
Second, many resorts don’t understand their own Internet connectivity, they may provide little beyond the kind of consumer-grade access that you use at your home. As unbelievable as it sounds, some even have little or no protection on their Internet connection within the facility.
Third, most laptop travelers don’t utilize any form of personal firewall and if they do, they don’t have them configured to hide themselves from guests who know how to open Windows Network Neighborhood and hunt around for open file shares. Within a minute or two, your computer can be an open book with any file shares you have published, exposed.
Finally, there are hotspots known as “evil twins”. These clone wireless networks run by malicious entities that use socal engineering and common names for the unsuspecting traveler to login to. You believe you are logging into the resort network, but it is "spoofed". Just pop in your credit card to get started and it's too late. There is no "recind within 7 days" on that transaction.
Most people are not aware of how poor wireless security can be.
Spend some time making sure your own laptop is properly configured. If you don’t have a personal firewall on it, buy one or download one. Zone Alarm is very popular with Windows and it works very well. The next time you travel, if you must bring your computer (to watch a DVD movie on the flight for example) keep it "off of the network" while you are at the resort. Use the opportunity to use computers in the Resorts business center to get to on email instead. Resist the temptation to take your laptop to the pool to do wireless "anything" .
Here are some other tips if you "must" take your computer with you on your vacation and get on the internet:
Turn-off your wireless adapter
Turn-off or block file sharing (and all other network services) on interfaces used for broadband access
Enable Windows Firewall or (preferably) install a third-party personal firewall
Use file encryption, available in Windows XP Professional and other products
Choose strong passwords with upper/lowercase letters and at least one numeric value.
Use a VPN client
Choose public Wi-Fi access that provides enhanced security services. Does Starwood Turbonet provide enhanced security sevices? Maybe we should find out?
Connect only to known SSIDs, using WPA/802.1X to verify the server's certificate
Disable ad-hoc mode and automated connection to non-preferred SSIDs
Use a host intrusion detection agent to detect/prevent risky connections, including bridging between wireless and wired interfaces.
If these recommendations are too "geeky" for you to understand, then to be on the safe side, use the computers in the business center or guest services to communcate over the internet. Don't let your computer get compromised while you are on vacation by assuming the network you are using is secure.
Personally, I am not a fan of Wireless connectivity. Less is more, I enjoy leaving my expenive "high-tech" toys at home when on vacation. Some resorts any many hotels have guest services computers or business centers for a reasonble fee, some are even free.
If you want to watch a DVD movie on the flight some airlines provide rentals DVD players on the flight. That's a nice alternative instead of taking your laptop exclusivly for that purpose.
Have you ever heard of a "keylogger"?
If not, here are close to 6,990,000 hits on Google to explain how they work, how to get one for "free" and how to put them on other peoples computers.
http://www.google.com/search?hl=en&q=keylogger
Be very careful when you put your property on someone elses network.
If you own a Mac laptop then the problem isn't as prevelent, "yet". It's just a matter of time before the marketshare will drive the crimeware investment.
I know this sounds scarey, it should, because it is. Know how to protect your data before you travel.
