RE : broadband connections in hotels

From: Bourque Daniel <Daniel.Bourque(at)loto-quebec.com>
Date: Mon Dec 09 2002 - 13:48:47 EST

There is also http://www.travelnet.ca/ and others products...

-----Message d'origine-----
De : shawnmer [mailto:shawnmer@io.com]
Envoyé : 6 décembre, 2002 19:23
À : Peter VE
Cc : security-basics@securityfocus.com
Objet : Re: broadband connections in hotels

Hi,

This is a result of your taking all control out of the hands of users...while it's very controlable from a sysadmin point of view, your users are obviously taken out of the loop and you wish to keep it that way.

That being said...

What firewall are you using on the laptops?

The device hosting the web page in the hotels your users are using is likely a Cisco BBSM (Building Broadband Service Manager) <http://www.cisco.com/univercd/cc/td/doc/product/aggr/bbsm/>

I've seen these use both port 80 and HTTPS on 443. The webserver is IIS :(

-scm

PV:Peter VE

PV>
PV>Hi all,
PV>
PV>I have a problem that has been bothering me for quite some time now 
PV>All of our laptops have a personal firewall. THis means that they can 
PV>connect to the internet (in terms of getting an IP address and do DNS 
PV>name resolution) + establish a VPN tunnel into the corporate network. 
PV>That's it... no browsing allowed, no email reading or sending 
PV>allowed.... When the users wants to access the internet, he has to 
PV>establish the VPN and use the corporate proxy server...  better safe 
PV>than sorry The users are not able to change the firewall policy nor  
PV>disable the firewall... it's always running
PV>The firewall is clever enough to detect when you are on the corporate
PV>network (private IP + ability to resolve internal DNS names), when you

are
PV>on the internet (non-corporate IP address, or private ip address but not PV>able to resolve corporate internal DNS name), when you are using VPN and so

PV>on... this really works well
PV>
PV>Some hotels offer a broadband connection... but before you can access 
PV>the internet, you need to connect to a website, and enter a passcode 
PV>(so proper billing can be done).  We are blocking all access so the 
PV>user cannot access this website... This is bothering me... how can we 
PV>set things up so the user can use the local broadband connection,
PV>without dynamically changing the policy,
PV>without allowing internet browsing access at all times..
PV>Also, keep in mind that not all websites are running on port 80... it

could

PV>be a different port...
PV>
PV>Any ideas ?
PV>
PV>thanks
PV>
PV>P
PV>

Received on Mon Dec 9 19:49:24 2002