Many readers are familiar with the writings of Stephen Cobb, a prolific writer who has also written guest articles for this newsletter. Stephen recently became the chief security executive at STSN, a major supplier of broadband services to hotels and conferences worldwide.

We were chatting on the phone a few days ago and I asked Stephen about his new job and he very kindly responded by interviewing himself (!) and sending me this excellent report.

I have lightly edited his words, but otherwise the rest of this article is entirely Stephen’s own work.

* * *

Q: Hotel broadband service sounds like a niche market and not something that immediately comes to mind when we think about network security. Can you give readers some idea of the size of this field and why, as a security professional, you decided to get involved?

A: STSN got my attention with four facts.

* The average number of broadband connections it serves up every month, including both wired and wireless, averages over 700,000.

* The rate at which the number of wireless connections is growing month-on-month is about 50%.

* The primary use of these connections, both wired and wireless, is to access corporate VPNs.

* Some broadband connections are a lot less secure than others.

Q: In what ways are some hotels less secure?

A: Well, for example, some let guests browse the laptop hard drives of other guests. That presents a golden opportunity for people like criminal hackers, identity thieves and unethical competitors looking for an edge. Sometimes you just have to click on Network Neighborhood to see your fellow guests. And at hotels with poorly configured Wi-Fi, you could be sitting in a car a block away and do the same thing.

Q: So STSN considers its network secure. How do you back up that claim?

A: For starters, you won't be able to see computers belonging to other guests when you are staying at an STSN hotel. In turn, they won't be able to see yours. And if any of your readers find otherwise, I would like to hear about it (scobb@stsn.com).

Q: How can you achieve this when other providers apparently can't?

A: The short answer is that we use a virtual LAN for each connection through several layers of network address translation performed by our own on-site network controller, which feeds traffic over a dedicated backhaul to a regional point of presence (POP) that has enterprise-class physical and logical security and redundancy, all backed up by 24-7 monitoring.

M. E. Kabay, PhD, CISSP-ISSMP, is Program Director of the Master of Science in Information Assurance program at Norwich University.