• United States

Vroom at the inn? First fasten your seatbelt

Aug 10, 20044 mins
Mobile Device ManagementNetwork SecurityNetworking

* STSN’s Stephen Cobb talks about secure wireless nets for hotels

Many readers are familiar with the writings of Stephen Cobb, a prolific writer who has also written guest articles for this newsletter. Stephen recently became the chief security executive at STSN, a major supplier of broadband services to hotels and conferences worldwide.

We were chatting on the phone a few days ago and I asked Stephen about his new job and he very kindly responded by interviewing himself (!) and sending me this excellent report.

I have lightly edited his words, but otherwise the rest of this article is entirely Stephen’s own work.

* * *

Q: Hotel broadband service sounds like a niche market and not something that immediately comes to mind when we think about network security. Can you give readers some idea of the size of this field and why, as a security professional, you decided to get involved?

A: STSN got my attention with four facts.

* The average number of broadband connections it serves up every month, including both wired and wireless, averages over 700,000.

* The rate at which the number of wireless connections is growing month-on-month is about 50%.

* The primary use of these connections, both wired and wireless, is to access corporate VPNs.

* Some broadband connections are a lot less secure than others.

Q: In what ways are some hotels less secure?

A: Well, for example, some let guests browse the laptop hard drives of other guests. That presents a golden opportunity for people like criminal hackers, identity thieves and unethical competitors looking for an edge. Sometimes you just have to click on Network Neighborhood to see your fellow guests. And at hotels with poorly configured Wi-Fi, you could be sitting in a car a block away and do the same thing.

Q: So STSN considers its network secure. How do you back up that claim?

A: For starters, you won’t be able to see computers belonging to other guests when you are staying at an STSN hotel. In turn, they won’t be able to see yours. And if any of your readers find otherwise, I would like to hear about it (

Q: How can you achieve this when other providers apparently can’t?

A: The short answer is that we use a virtual LAN for each connection through several layers of network address translation performed by our own on-site network controller, which feeds traffic over a dedicated backhaul to a regional point of presence (POP) that has enterprise-class physical and logical security and redundancy, all backed up by 24-7 monitoring.

But the real answer is that our patented iBahn network was designed from the ground up to serve the hotel and public-access environment, which is radically different from your typical “open” office network. On an office network you want people to be able to see each other, so to speak, because you want sharing and collaboration. A hotel is almost the opposite. You don’t want to share your data with fellow guests (or the war driver in the parking lot). You want a “closed” network that takes you out to the Internet on your own private connection, one that supports your company’s VPN.

Q: You mentioned VPNs before. If I am using a VPN and have a personal firewall on my laptop, why do I need to worry about who is providing my hotel broadband connection?

A: First, the VPN has to work. STSN actually certifies and supports, via our 24-7 toll-free number, specific corporate VPN configurations from many of the Fortune 500 companies. Second, a client firewall is only as good as its operator. For example, a few days ago I was invited to a Webcast that was very relevant to my work and the access page actually told me to turn off my personal firewall. Is your typical laptop-using business traveler going to remember to turn it back on? The bottom line is you want to use as many different security layers as you can get, and STSN can provide several of those layers.