{"id":60,"date":"2008-09-15T13:52:07","date_gmt":"2008-09-15T18:52:07","guid":{"rendered":"http:\/\/www.webadminblog.com\/?p=60"},"modified":"2008-09-15T17:12:36","modified_gmt":"2008-09-15T22:12:36","slug":"consider-your-hotel-networks-hostile","status":"publish","type":"post","link":"https:\/\/www.webadminblog.com\/index.php\/2008\/09\/15\/consider-your-hotel-networks-hostile\/","title":{"rendered":"Consider Your Hotel Network Hostile"},"content":{"rendered":"<p>As I&#8217;m preparing to take my trip to New York for the OWASP AppSec Conference, I came across a <a href=\"http:\/\/www.hotelschool.cornell.edu\/research\/chr\/pubs\/reports\/abstract-14928.html\">timely article<\/a> on the risks involved with using a hotel network.\u00a0 The Center for Hospitality Research at Cornell University surveyed 147 hotels and then conducted on-site vulnerability testing at 50 of those hotels.\u00a0 Approximately 20% of those hotels still run basic ethernet hub-type networks and almost 93% offer wireless.\u00a0 Only six of the 39 hotels that had WiFi networks were using encryption (see my blog on why are people still using WEP for why this is necessary).\u00a0 What does this mean for you, Joe User?\u00a0 It means that both your personal and company information is at risk any time you connect to those networks.\u00a0 The next time you&#8217;re surfing the web, start paying attention to all of the non-SSL links (http:\/\/ versus https:\/\/) that you visit.\u00a0 Then, think about the information that you are passing along to those sites.\u00a0 Are you signing in with a user name and password?\u00a0 Entering credit card information?\u00a0 Whatever it is, you better make sure that it&#8217;s something that you wouldn&#8217;t feel bad if it wound up on a billboard in Times Square, because that&#8217;s about how risky your trasmission could be.<\/p>\n<p>Before you get too concerned, there are a few things you can do to try to prevent this.\u00a0 First, <strong>DO NOT<\/strong> visit any links where you transmit information unencrypted.\u00a0 This is just asking for trouble.\u00a0 Since many man-in-the-middle type attacks can still be used to exploit this, my second suggestion is to use some sort of VPN tunnel.\u00a0 Whether it&#8217;s a corporate VPN or just a freebie software VPN to your network back home, this allows you to encrypt all traffic over the untrusted hotel network.\u00a0 Make this your standard operating procedure anytime you connect to an untrusted network (not just a hotel) and you should keep your data much safer.\u00a0 Lastly, please be sure to have current firewall and anti-virus software on the computer you are using to connect to the untrusted network.\u00a0 The last thing you want is to get infected by some worm or virus just by plugging in to the network.<\/p>\n<p>One other thing that I think that deserves mentioning here is that if you don&#8217;t absolutely have to use the internet on an untrusted network, then don&#8217;t do it.\u00a0 Obviously, there are times when you need access to do work, pay bills, etc, but if you can save those tasks until you reach a more familiar (and hopefully safer) network, that is far and away the best way to keep yourself and your data safe.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As I&#8217;m preparing to take my trip to New York for the OWASP AppSec Conference, I came across a timely article on the risks involved with using a hotel network.\u00a0 The Center for Hospitality Research at Cornell University surveyed 147 hotels and then conducted on-site vulnerability testing at 50 of those hotels.\u00a0 Approximately 20% of [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[70,28,19],"tags":[125,123,73,90,622,126,124,21],"class_list":["post-60","post","type-post","status-publish","format-standard","hentry","category-networking","category-security","category-wireless-networks","tag-data","tag-hotel","tag-network","tag-secure","tag-security","tag-vpn","tag-wifi","tag-wireless"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_shortlink":"https:\/\/wp.me\/pfI0c-Y","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/60","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/comments?post=60"}],"version-history":[{"count":4,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions"}],"predecessor-version":[{"id":64,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/posts\/60\/revisions\/64"}],"wp:attachment":[{"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/media?parent=60"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/categories?post=60"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webadminblog.com\/index.php\/wp-json\/wp\/v2\/tags?post=60"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}