RealTime IT News

Standout Hotel Hotspots

Founded in 1998, Salt Lake City, Utah-based STSN is a veteran in a new business: providing Internet services to business travelers. The company's business strategy is described in the companion article, ISP Profile: STSN. This article is about a growing and fascinating area of STSN's business: hotspots.

The hotspots that STSN installs in hotels and conference centers are more powerful that your garden variety hotspot (a.k.a. the coffee shop hotspot). Hotel hotspots have to be as secure as a corporate wired network because they routinely carry information that is as valuable as the information on a corporate wired network.

In order to demonstrate the potential problems, STSN's CTO and co-founder, Brett Molen, invited Fortune Magazine's Peter Lewis on a white hat hacking tour (see the article Hacking Inn, subscription required, or the .pdf). The upshot was that many hotels run insecure networks that expose their customers in ways many corporate users may not be aware of.

STSN's answer, of course, is that every corporate user should demand an STSN quality network.

Molen says there's a lot more to securing a hotspot than you might think. "In the press, they talk a lot about encryption problems with wireless, but there are also network architecture problems that people miss. For example, you hear a lot about security gateways, but people can bypass that."

In the Peter Lewis article, Molen demonstrates that one person in a hotel lobby can get in at the OS layer of the hard drive of someone else in the lobby. "We've found that there's not a lot of talk about protecting other users at the lower layer, not just in the air," he says. "Many Windows boxes, for example, come with file sharing turned on." The STSN network has to protect against these kinds of common vulnerabilities.

"You've got to design the network for end to end protection," says Molen. "You've got to protect the lobby from the guest room and also control guest room to guest room access."

Conferences are a significant source of income for some hotels, but they can make life difficult for the network administrator. For example, if you have a conference with 800 Intel employees, they will all probably download e-mail at the end of the day, between about 5 PM and 7 PM local time.

At that point, each employee needs a different IP address to access the corporate mail system through a VPN. If the corporate mail system detects two different accounts being access by the same IP address, it may assume it is being spammed or attacked, and shut out both employees.

"We have a pool of IP addresses at our POPs," explains Molen. "We've got a dynamic system and if a hotel needs it, we can give 900 IP addresses to that hotel."

For conferences, the company can set up purpose-built Web servers as needed. For example, in the case above, if Intel had 800 people at a conference, it might also want to post discussion materials or even live conference feeds on a Web server for other Intel employees around the world who were unable to attend.

This service is so popular that some companies pay for a subscription. "For customers that do this a lot we have what we call a private corporate connection so that employees can link to the server and the traffic will never hit the public Internet," says Molen. "It all goes securely over our network and even uses private addressing, so there are no Internet-routable IPs."

STSN has found there's money to be made in the hotel conference business, but that it demands service above and beyond what most traditional ISPs expect to have to provide their enterprise clients.

The company feels that providing unique services gives it a competitive edge. Sandra Richards, STSN's director of marketing, explains it in simple terms. "You've got to know your customer." That's a motto any ISP should heed.

Reprinted from ISP-Planet.