Standout Hotel Hotspots

Founded in 1998, Salt Lake City, Utah-based STSN is a veteran in a new business: providing
Internet services to business travelers. The company’s business strategy is
described in the companion article, ISP Profile: STSN. This article is
about a growing and fascinating area of STSN’s business: hotspots.


The hotspots that STSN installs in hotels and conference centers are more
powerful that your garden variety hotspot (a.k.a. the coffee shop hotspot).
Hotel hotspots have to be as secure as a corporate wired network because they
routinely carry information that is as valuable as the information on a
corporate wired network.

In order to demonstrate the potential problems, STSN’s CTO and co-founder,
Brett Molen, invited Fortune Magazine’s Peter Lewis on a white hat hacking tour
(see the article Hacking
Inn
, subscription required, or the .pdf). The upshot was
that many hotels run insecure networks that expose their customers in ways many
corporate users may not be aware of.

STSN’s answer, of course, is that every corporate user should demand an STSN
quality network.

Molen says there’s a lot more to securing a hotspot than you might think. “In
the press, they talk a lot about encryption problems with wireless, but there
are also network architecture problems that people miss. For example, you hear a
lot about security gateways, but people can bypass that.”

In the Peter Lewis article, Molen demonstrates that one person in a hotel
lobby can get in at the OS layer of the hard drive of someone else in the lobby.
“We’ve found that there’s not a lot of talk about protecting other users at the
lower layer, not just in the air,” he says. “Many Windows boxes, for example,
come with file sharing turned on.” The STSN network has to protect against these
kinds of common vulnerabilities.

“You’ve got to design the network for end to end protection,” says Molen.
“You’ve got to protect the lobby from the guest room and also control guest room
to guest room access.”

Conferences are a significant source of income for some hotels, but they can
make life difficult for the network administrator. For example, if you have a
conference with 800 Intel employees, they will all probably download e-mail at
the end of the day, between about 5 PM and 7 PM local time.

At that point, each employee needs a different IP address to access the
corporate mail system through a VPN. If the corporate mail system detects two
different accounts being access by the same IP address, it may assume it is
being spammed or attacked, and shut out both employees.

“We have a pool of IP addresses at our POPs,” explains Molen. “We’ve got a
dynamic system and if a hotel needs it, we can give 900 IP addresses to that
hotel.”

For conferences, the company can set up purpose-built Web servers as needed.
For example, in the case above, if Intel had 800 people at a conference, it
might also want to post discussion materials or even live conference feeds on a
Web server for other Intel employees around the world who were unable to attend.

This service is so popular that some companies pay for a subscription. “For
customers that do this a lot we have what we call a private corporate connection
so that employees can link to the server and the traffic will never hit the
public Internet,” says Molen. “It all goes securely over our network and even
uses private addressing, so there are no Internet-routable IPs.”

STSN has found there’s money to be made in the hotel conference business, but
that it demands service above and beyond what most traditional ISPs expect to
have to provide their enterprise clients.

The company feels that providing unique services gives it a competitive edge.
Sandra Richards, STSN’s director of marketing, explains it in simple terms.
“You’ve got to know your customer.” That’s a motto any ISP should heed.

Reprinted from ISP-Planet.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web