Staying Safe in the Wild West of Hotel Wi-FiFebruary 28, 2017 Leave your thoughts
Whilst I was lying on my sunbed last week enjoying some foreign February weather (it was lovely, thanks for asking) I couldn’t help but to notice the many different people, of varying ages, with different kinds of electronic devices and I started thinking about Wi-Fi privacy (or lack of) on public Wi-Fi.
For what was a considerably large, sprawling holiday resort, the Wi-Fi coverage was pretty universal and it was of a decent enough standard to support the many users requiring access -which makes a pleasant change from previous hotel Wi-Fi experiences!
A Lack of Encryption
As is the case for many hotels these days, users were split into two sub-groups; those willing to pay for the pleasure, who were able to roam freely around the complex whilst enjoying uninterrupted service, and those who opted for the more cost-effective ‘free’ version, which was limited to Wi-Fi hotspot coverage.
Although these two tiers offered different levels of service (primarily areas of Wi-Fi coverage) depending on whether you pay or not, what they had in common was the lack of any encryption.
Encryption is often deemed a ‘faff’ when deploying public Wi-Fi for hotels and guests alike. Firstly, encryption requires a key to be input by the user (unlikely) and secondly, the hotel would then have to provide support resources for the inevitable issues that would arise (more unlikely?).
Splash Portal to the Wild West of Wi-Fi
So, for ease-of-use, my hotel of choice deployed a splash portal redirection, through which you were prompted to confirm acceptance of their Wi-Fi terms and conditions and…you’re on…in the Wild, Wild West of Wi-Fi.
Without delving too deep, as that would have meant bringing some network analysis tools and I’m very sure my wife would not appreciate that (!), I could tell the network was configured as a large flat subnet, so all users were co-existing on the same IP range.
It is probably safe to assume that, for the majority of holiday-makers, connectivity with a minimum of hassle is the primary concern. After all, getting online to post pictures, tweet or DM isn’t usually prefaced by stringent security protocols.
It is also probably safe to assume that most of my fellow Wi-Fi-enabled patrons would share the view that other users are ‘benign’ and are, for the most-part, doing the same as them. However, putting my security hat on, I know this is not always true.
Next Generation Firewalls
I spend a lot of time deep within the logs of Next Generation Firewalls from the likes of Cisco and Palo Alto Networks and know from past experience that, whatever we assume the traffic flows are on a network, there is always some malware or user activity outside the norm.
Again, I didn’t have the means to test my hotel Wi-Fi security (or, the desire to deploy them from my sun-soaked lounger) but it is a sure-bet that the results would have made interesting reading. We do offer a Application Visibility and Risk (AVR) report for businesses looking for insight into the traffic flows on their network – to find out more about that, CLICK HERE.
The Point is a Lack of Hotel Wi-Fi Privacy
So, getting to the point (finally), Wi-Fi privacy is what hotel Wi-Fi users probably imagine they are getting when the reality is somewhat different.
As network designers our roles are to combine the functionality and ease-of-use of a public Wi-Fi with robust security built in at the network layer to protect the user. The security component is essential as we know, users won’t generally protect themselves.
Hotels Require Simplified Wi-Fi Solutions
Such a platform that can create these security structures and provide the protection required in hotel and hospitality environments is the RGNets Gateway solution, which combines multiple functions into one box for such deployments, with any or some of the modules being used as required:
- Advertising Control
- Bandwidth Throttling
- Portal Splash Screens
- Authentication and Payment Gateway Integration
Also, one other key feature which overcomes the Wild West of a large free-for-all Wi-Fi network with no encryption; Dynamic Private VLANs. These private VLANs allow each user to be segmented away from others users and have security and control policies applied at their Layer 3 boundary thus protecting the user without them knowing they are being protected.
My next blog will go into further detail about the technical and commercial benefits of the RGNets Gateways, until then to discuss with us how this could help your hospitality or public WiFi deployment please contact us by calling 01929 556 553 for a chat with one of our technical team!