hotel nightmare part 2

I posted earlier about this, and now that we have a deployment plan (thanks
to his group), there is one more issue I have concerns about, that others
seem not to have?

Secured or unsecured. This is a large hotel, resort, and both the client and
my partner agree that a secured network means that the hotel would have to
"baby" clients through setups. Sometimes that means, walking to the farthest
end of the hotel to set up the wireless...

I, on the other hand, think you have to have some type of WEP. I dont think
its that hard, give the customers a key when they check in, if they cant
figure it out, then have them bring the laptop to the front desk?

I just think its so unproffesional when a client connects to a network, and
they get this big warning that the network is unsecure. I wouldnt want to
connect to it, although I probably would though, but I could see where some
customers would get really paranoid, and with reason...

So they dont want it, and I do....

Any more fuel I can add to my fire?

<seanNO@SPAMunhookedmusic.com> wrote in <BnzKe.7210$0d.7156@trnddc06>:
> I posted earlier about this, and now that we have a deployment plan (thanks
> to his group), there is one more issue I have concerns about, that others
> seem not to have?
>
> Secured or unsecured. This is a large hotel, resort, and both the client and
> my partner agree that a secured network means that the hotel would have to
> "baby" clients through setups. Sometimes that means, walking to the farthest
> end of the hotel to set up the wireless...
>
> I, on the other hand, think you have to have some type of WEP. I dont think
> its that hard, give the customers a key when they check in, if they cant
> figure it out, then have them bring the laptop to the front desk?
>
> I just think its so unproffesional when a client connects to a network, and
> they get this big warning that the network is unsecure. I wouldnt want to
> connect to it, although I probably would though, but I could see where some
> customers would get really paranoid, and with reason...
>
> So they dont want it, and I do....
>
> Any more fuel I can add to my fire?

You have to take into consideration the number of people who _have_
wireless, but have _no clue_ on how to properly use it.

I would at least compile a large set of howto's for different clients,
and your receptionists might have to be computer compliant :-), which I
guess is not always the case.

But on a whole (and for the greater good of man) I would feel that
having to teach your clients how to secure their Internet use will give
benefits over the days.

--
Stein Arne

paranoid <seanNO@spamunhookedmusic.com> wrote:
> Secured or unsecured. This is a large hotel, resort, and both the client
> and my partner agree that a secured network means that the hotel would
> have to "baby" clients through setups. Sometimes that means, walking to
> the farthest end of the hotel to set up the wireless...

Don't worry about the guests, worry about the employees.
Do you think you can adequately train all of them?
Do you think that the hotel will put up with that additional level of
talent that would now be required of the employees?
Embassy Suites in Denver can't even get the cleaning crew to plug the cable
modems back in after they vacuum the room

> I, on the other hand, think you have to have some type of WEP. I dont
> think its that hard, give the customers a key when they check in, if they
> cant figure it out, then have them bring the laptop to the front desk?

And stand in line in their jammies? I think not.

> I just think its so unproffesional when a client connects to a network,
> and they get this big warning that the network is unsecure. I wouldnt
> want to connect to it, although I probably would though, but I could see
> where some customers would get really paranoid, and with reason...

In one hotel, I was faced with a splash screen and asked whether I wanted a
tightly firewalled connection, or an open connection to the internet. The
suggestion was to use the protected connection unless I was using VPN.

> So they dont want it, and I do....

> Any more fuel I can add to my fire?

I've never been in a public place with working WEP.
Every one of them has required a splash screen login. Most are innocuous
and could be filled out by anyone. Some are tied to room billing, although
I can't remember what the certification was. Some have a "key" that was
dispensed as a label on the sleeve for the room key, but that was a splash
screen, not WEP.

The only place I've visited with WEP was in the guest area of a business
who had a wireless access point with an SSID of the "companyname"-customer,
WEP locked. Nobody knew who set up the network, nor what the wireless
password might be. Nobody seems to use wireless there. One guy knew where
the router was.

They did have an unoccupied desk with a cat 5 cable where they let me
connect while I wait.

I didn't get a splash screen. No explanation that I needed a key that was
available at the desk. No invitation to log in with my credit card.
Nothing.

--
---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

On Thu, 11 Aug 2005 03:13:37 GMT, "paranoid"
<seanNO@SPAMunhookedmusic.com> wrote:

>I just think its so unproffesional when a client connects to a network, and
>they get this big warning that the network is unsecure.

Welcome to the modern way of dealing with technology. A friends new
Toyota Prius demands that the driver agree to the legal terms of
operation before it will start the vehicle. Get used to it.

>Any more fuel I can add to my fire?

The light at the end of the tunnel is a fire.

Don't use WEP. It's too big an administrative nightmare. I certainly
would not want employees diving into the access point setups to change
the WEP key at regular intervals.

You're worrying about the wrong things. The big headache is client
isolation or how you keep the clients for attacking each other. Most
access points and routers have ways of seperating the clients.
However, the hotel staff probably wants to use the wireless for
everything from remote video distribution for conference presentations
to paging. For those, they might need to go from client to client.
Be prepared for some debates over client isolation.

There'a also abuse management. The first guest that arrives with an
active worm or spam spewing trojan horse will give you a feel for the
problem. How are you going to identify the culprit? How are you
doing to block their traffic? Are you going to bang on their door at
3AM informing them that they have a compromised laptop? Your
nightmares may vary.

Traffic management is another issue. You cannot run a wireless system
wide open, where one file sharing or BitTorrent user can successfully
monopolize all the bandwidth. You need to throttle users down to a
reasonable level, block inefficient protocols, provide QoS for VoIP
users, and generally optimize the system.

Monitoring is another issue. I use MRTG and RRDTool to display graphs
of traffic, user count, type of traffic, and usage patterns. You need
these because the graphs define what constitutes "normal" operation.
When something changes, it will be instantly obvious with a change in
patterns.

Lot of other considerations you'll need to deal with on a large
system. I suggest you look into system managment software offered by
your unspecified equipment vendor. (You won't like the price.)



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
AE6KS 831-336-2558

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
> Welcome to the modern way of dealing with technology. A friends new
> Toyota Prius demands that the driver agree to the legal terms of
> operation before it will start the vehicle. Get used to it.

For the Navigation system. And that doesn't really prevent him from
starting the car, does it? I thought the Buck Rogers display would leave
that warning up, but everything else worked.

---
Clarence A Dold - Hidden Valley (Lake County) CA USA 38.8,-122.5

On Thu, 11 Aug 2005 18:13:46 +0000 (UTC),
dold@XReXXhotel.usenet.us.com wrote:

>Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> wrote:
>> Welcome to the modern way of dealing with technology. A friends new
>> Toyota Prius demands that the driver agree to the legal terms of
>> operation before it will start the vehicle. Get used to it.
>
>For the Navigation system. And that doesn't really prevent him from
>starting the car, does it? I thought the Buck Rogers display would leave
>that warning up, but everything else worked.

I don't recall the exact wording but I'll post it next time I have the
opertunity. As I recall it didn't give any option other than
"approve" or something similar. I guess the choice is to either
approve the wholesale repudiation of liability and responsibility, or
just sit there and stare at the screen. I don't think there's any way
to bypass the screen without hitting "approve".

Incidentally, I spent quite a bit of time trying to get the marginally
compatible Bluetooth in the vehicle to pair with the Treo 650 phone.
Eventually, I found a workaround on a mailing list, but it still
doesn't work right. Verizon says call Palm. Palm says call Toyota.
Toyota says call Verizon. Sigh.


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice http://www.LearnByDestroying.com
# http://802.11junk.com
# jeffl@comix.santa-cruz.ca.us
# jeffl@cruzio.com AE6KS