lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 02 Oct 2008 11:02:43 -0400
From: Josh Ogle <jdo24@...nell.edu>
To: full-disclosure@...ts.grok.org.uk
Subject: Hotel Network Security: A Study of Computer
	Networks in U.S. Hotels

Hey guys,

I recently completed a research paper through Cornell concerning the 
security of hotel computer networks across the US.  I cite this mailing 
list in it.  If you all have any criticism or input (or an open position 
at your workplace?  I'm a jobless new graduate!), I'd love to be in 
contact.  You can find the paper here: 
http://www.hotelschool.cornell.edu/research/chr/pubs/reports/abstract-14928.html 
(registration required, sorry)

Executive Summary: A study of 147 U.S. hotels finds a mixed picture with 
regard to the security of guests’ connections to the hotels’ network, 
whether by cable or Wi-Fi. Since many business travelers connect 
remotely to continue working while on the road, the potential for theft 
of corporate information exists. Some hotels still rely on relatively 
rudimentary hub technology for their networks, and these are 
particularly subject to hacking. Others have upgraded to more secure 
switches or routers. Even better is encryption for Wi-Fi connections, 
but that still does not prevent malicious users from intercepting 
guests’ transmissions. An example of a best practice is presented in the 
case of the W Dallas Hotel—Victory, which has set up virtual local area 
networks (VLANs) for all of its users. The VLAN inhibits attackers from 
using their computer to imitate the hotel’s main server, which is the 
mechanism most would use to intercept other people’s data. Given that 
the technology exists to increase a hotel network’s security, a hotel 
could potentially be considered at fault for not taking the necessary 
precautions to protect their guests from hackers.

-Josh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ