RE: broadband connections in hotels

Greetings Peter,

         From what you describe, one thing that you may want to try is allow access to 192.168.x.x by IP only in the firewall rules as most of the webpages from hotels are internal sites. This has it’s obvious disadvantages, so you have to decide how much security you want to sacrifice in order to maintain flexability for the user.

         If they are external sites, then you could have the person dial-up with the built in 56K modem and VPN into work, thereby using the corporate proxy and then authenticate the password on the site in question. That should activate the billing for a set period of time (usually one night) and allow the user to then disconenct the dial-up and connect to the broadband connection.

         If all else fails, most of the hotels offering broadband to their guests would have a PC that the front desk that has an unrestricted internet access to that could initiate the billing on the travelers behalf.

Hope this helps,
Brad O'Brien
Operations Manager
Brylade Computer Solutions Ltd.        

-----Original Message-----
From: Peter VE [mailto:peter.ve@pandora.be] Sent: December 6, 2002 5:38 PM
To: security-basics@security-focus.com
Subject: broadband connections in hotels    

Hi all,  

I have a problem that has been bothering me for quite some time now

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

All of our laptops have a personal firewall.

THis means that they can connect to the internet (in terms of getting an IP

address and do DNS name resolution) + establish a VPN tunnel into the

corporate network. That's it... no browsing allowed, no email reading or

sending allowed....

When the users wants to access the internet, he has to establish the VPN and

use the corporate proxy server... better safe than sorry

The users are not able to change the firewall policy nor disable the

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

firewall... it's always running

The firewall is clever enough to detect when you are on the corporate

network (private IP + ability to resolve internal DNS names), when you are

on the internet (non-corporate IP address, or private ip address but not

able to resolve corporate internal DNS name), when you are using VPN and so

on... this really works well  

Some hotels offer a broadband connection... but before you can access the

internet, you need to connect to a website, and enter a passcode (so proper

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

billing can be done). We are blocking all access so the user cannot access

this website...

This is bothering me... how can we set things up so the user can use the

local broadband connection,

without dynamically changing the policy,

without allowing internet browsing access at all times..

Also, keep in mind that not all websites are running on port 80... it could

be a different port...  

Can't find what you're looking for?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Any ideas ?  

thanks  

P Received on Tue Dec 10 12:02:37 2002