08-11-2005, 05:33 PM
Jeff Liebermann
Re: hotel nightmare part 2

On Thu, 11 Aug 2005 03:13:37 GMT, "paranoid"
<seanNO@SPAMunhookedmusic.com> wrote:

>I just think it's so unprofessional when a client connects to a network, and
>they get this big warning that the network is unsecure.


Welcome to the modern way of dealing with technology. A friend's new
Toyota Prius demands that the driver agree to the legal terms of
operation before it will start the vehicle. Get used to it.

>Any more fuel I can add to my fire?


The light at the end of the tunnel is a fire.

Don't use WEP. It's too big an administrative nightmare. I certainly
would not want employees diving into the access point setups to change
the WEP key at regular intervals.

You're worrying about the wrong things. The big headache is client
isolation or how you keep the clients from attacking each other. Most
access points and routers have ways of separating the clients.
However, the hotel staff probably wants to use the wireless for
everything from remote video distribution for conference presentations
to paging. For those, they might need to go from client to client.
Be prepared for some debates over client isolation.

There's also abuse management. The first guest that arrives with an
active worm or spam spewing trojan horse will give you a feel for the
problem. How are you going to identify the culprit? How are you
going to block their traffic? Are you going to bang on their door at
3AM informing them that they have a compromised laptop? Your
nightmares may vary.

Traffic management is another issue. You cannot run a wireless system
wide open, where one file sharing or BitTorrent user can successfully
monopolize all the bandwidth. You need to throttle users down to a
reasonable level, block inefficient protocols, provide QoS for VoIP
users, and generally optimize the system.

Monitoring is another issue. I use MRTG and RRDTool to display graphs
of traffic, user count, type of traffic, and usage patterns. You need
these because the graphs define what constitutes "normal" operation.
When something changes, it will be instantly obvious with a change in
patterns.

Lots of other considerations you'll need to deal with on a large
system. I suggest you look into system management software offered by
your unspecified equipment vendor. (You won't like the price.)



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

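One way to approach the "identify the culprit" and bandwidth-monopoly questions raised in the post, as an added example that is not part of the original post: a pass over per-client flow records that flags SMTP fan-out, single-port scanning, and a disproportionate share of traffic. The record layout, the sample flows, the function name and all thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample flow records: (client_ip, dst_ip, dst_port, bytes).
# Hypothetical data standing in for whatever the gateway actually logs.
SAMPLE_FLOWS = (
    [("10.0.0.11", "198.51.100.7", 443, 40_000),
     ("10.0.0.12", "198.51.100.9", 5060, 20_000)]
    # 10.0.0.23: direct SMTP to 30 different mail servers (spam-trojan pattern)
    + [("10.0.0.23", f"203.0.113.{i}", 25, 2_000) for i in range(1, 31)]
    # 10.0.0.31: same port probed on 60 different hosts (worm-scan pattern)
    + [("10.0.0.31", f"192.0.2.{i}", 445, 200) for i in range(1, 61)]
    # 10.0.0.40: one client moving most of the bytes (bandwidth hog)
    + [("10.0.0.40", "198.51.100.50", 6881, 900_000)]
)

def flag_clients(flows, smtp_hosts=10, scan_hosts=50, byte_share=0.5):
    """Return {client_ip: [reasons]}; thresholds are assumed, tune to baseline."""
    per_port = defaultdict(lambda: defaultdict(set))  # client -> port -> dst hosts
    volume = defaultdict(int)                         # client -> total bytes
    for client, dst, port, nbytes in flows:
        per_port[client][port].add(dst)
        volume[client] += nbytes
    total = sum(volume.values()) or 1                 # avoid divide-by-zero
    flagged = defaultdict(list)
    for client, ports in per_port.items():
        for port, hosts in ports.items():
            if port == 25 and len(hosts) >= smtp_hosts:
                flagged[client].append("smtp-fanout")
            elif port != 25 and len(hosts) >= scan_hosts:
                flagged[client].append("port-scan")
        if volume[client] / total >= byte_share:
            flagged[client].append("bandwidth-hog")
    return dict(flagged)

if __name__ == "__main__":
    for ip, reasons in sorted(flag_clients(SAMPLE_FLOWS).items()):
        print(ip, ", ".join(reasons))
```

The flagged address still has to be mapped to a room or login through the DHCP lease or captive-portal records before anyone can act on it.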