May 10th, 2004, 10:59 PM #1
- Join Date
- Mar 2004
Adding free internet access to a business...
I have a question on what the best way to offer Internet access for a hotel business would be?
Currently I am using one hotel, out of several, as a test bed to find out what the best solution to this problem would be. I want to give wireless access to all the rooms as well as regular wired access to at least half, if not all. All 76 rooms are wired with RJ-45 cables that lead to a central room.
My understanding is that I can connect those 76 RJ-45 cables to switches and have the switches connect to a gateway that distributes the Internet access. As for wireless Iím know I could setup up several access points across the hallways of the hotel and have them talk to the gateway for internet access.
If this is correct, then my problem is 1) offering security to each room, 2) keeping the public from access the network, and 3) keeping the central office computers on a separate, secure network that can still access the internet and each other computer within the office intranet.
I would like to use a mix-mode signal (b & g) and it would be prefered to keep all equipment inside if possible. I can place antennas and the like on the outside, but not on any other buildings.
I thank those of you who can help me with any suggestions or solutions.
May 10th, 2004, 11:48 PM #2
I think adding free internet access (especially wireless internet access) to a hotel/motel nowadays is a hazardous idea. granted, legit people will use it, but you will always have some creep who checks in, brings a laptop, and sends out spam or virus attacks, or worse, a DDOS attack. There is also the possiblity of people "wardriving" the wireless internet connection. you didn't mention if it is a big hotel/motel I.E. a Marriot, or a small motel/hotel that could double as a bomb shelter in case of nuclear war because of all the leaded paint it has since the last remodel in 1955! I'm not trying to scare you, just giving a view point that a free access system does carry abuse with it. you could battle harden it from people "gaining access" from the outside, but what about the inside? I would think maybe you could block access to all the email ports, so they do not setup a email server and use that. you could also have a talented person though setup a email server that does not use the default ports, and selects random ones all the time. what if someone also "spliced" the line in the room, and managed to bury a small computer inside the room that acted like a server? then you have some warez group using your bandwith to serve up their illegal files.
I hope this hasn't scared you. I told you this, so you would think like a criminal, and know what they would probably do. I can only cover so much. Someone else may have a far more devious and illegal idea to use free internet access for.
If it is a upscale motel/hotel, scammers may also be happy to pay $400 a night for "free" internet access, because a client might pay them a healthy chunk of change, or reimburse them for the cost to spam/virus attack/ddos attack someone. if it is a $35 econo lodge, then they would really be in heaven! (low operating costs)
You could enter into a even more sticky trap if people breached the administrative system, and had a field day with whatever juicy information is on it. My opinion? if it could be done (not sure about the whole setup) the administrative computers should be wired to be offline entirely, not hooked to a outside line. maybe have a dedicated computer just for internet access, I.E. online hotel reseverations? You could have someone in the administrative section who hates windows xp, and loves windows 98, but does not bother to run windows update. a outsider checks into a room, and manages to scan the network addresses assigned to the hotel/motel, and finds this weak machine. using this machine, they could possibly use it to attack other "hardened" machines.
I'll allow people to step in, and give solutions to protect the system, now that I told you how someone can tear it apart!
I could have "flawed" advice, I don't know. step right up! offer advice everyone!
Last edited by nochay; May 10th, 2004 at 11:51 PM.Back Online! http://rhd.dyndns.org <-- The History Site (Admin)
May 11th, 2004, 12:19 AM #3
- Join Date
- Jul 2002
I agree with some of the points of your post, but disagree in general. With the right equipment, such as a good managed switch, WPA encryption for the wireless, and other security measures in place, there's no good reason not to offer this service to guests.
First of, P2P (file sharing) ports can be disabled with a good firewall, which will also allow you to monitor traffic to/from specific IP addresses, and on all ports (so you can catch any would be spammers and shut them down).
Secondly, using the managed switch, you can create 2, or ideally 3 distinct and separate subnets. The first network will be for the office computers, it will have access to the other networks and the internet, but those networks cannot access that subnet. The second and third networks will be for the hotel room jacks, and the wireless access points. They will have internet web/email access and that's it. Again, setting a system like this up isn't terribly difficult, and there are even some open source solutions so you can do it inexpensively*.
On the wireless side, you can set up a WPA encrypted system that will encrypt the wireless packet data (to prevent some bozo with a yagi antenna sitting out in your parking lot grabbing guests credit card info), but can be connected to without the need for entering in a 64/128/256 bit key. Heck, if you wanted to go a step further, you could have 25 or more wireless PCMCIA cards, and let the guests "rent" them for a night. Then, use trusted MAC addresses on the WAPs, so only a hotel wireless card can access the network.
These are just a few thoughts, there are a lot of ways to go about this, and considering most of the infrastructure is already in place, it shouldn't be terribly expensive. Oh, whether you do this through DSL/Cable Modem/T1, you'll want to buy business class service. This guarantees that if your service ever goes down, you get immediate help and support. Its amazing how much better service is when I call as an I.T. Manager, and not a residential customer.
May 11th, 2004, 05:10 AM #4
- Join Date
- Mar 2004
In the hotel industry, like many others, you need to keep up with competition and offer everything you can to your customers. Itís also now become a requirement of the major franchises to provide ďfreeĒ internet access to all customers, so Iím forced to comply.
Iíve thought about most of these security issues already. I plan on breaking up the network into several subnets and use a firewall to block ports. I'll be limiting the bandwidth of each individual to detract from any one wanting to use it for nefarious deeds. I never thought about the issue where someone would rent a room for the ďfreeĒ internet access, but if they are willing to pay then thatís increased revenue.
Originally Posted by mksoccer
Thanks for your suggestions, but Iíd still love to hear more from other people. More specifically on the best way to setup a network and manage it. Right now there are several companies out there who want to people to pay around $5,500 to install a router and a couple of access points. I know for a fraction of that you can create a much more feature rich network.
May 15th, 2004, 12:02 PM #5
- Join Date
- Nov 2003
May 16th, 2004, 07:12 AM #6Thanks for your suggestions, but Iíd still love to hear more from other people. More specifically on the best way to setup a network and manage it. Right now there are several companies out there who want to people to pay around $5,500 to install a router and a couple of access points. I know for a fraction of that you can create a much more feature rich network.
My g/f at the time asked me to set up a network for her law firm. I told her setting up the server, internet connection, wirring the offices and installation would be the easy part. The problem would be if the server crashed during the week while she was meeting with clients and I was flying 30,000 ft above her (which was a several times a month). Long story short, I helped her research a local network company with a good reputation. It was more expensive up front (I figured for $8,000 I could wire and install the network in their offices) as they were quoted $20,000 including the server, licenses, installation and maintence agreement, but in the long run it having someone on tap for service is always better than relying on a friend or yourself.
BTW, a suggestion, ensure the guest network is totally seperate from your business network, preferably a seperate line coming into your office. Also set up a "guest" machine in your office area. This way you can see if the guest services are down as whole incase someone calls or if the guest doesn't know what they are doing.
-RADAR"Men sleep peacefully in their beds at night because rough men stand ready to do violence on their behalf."
May 16th, 2004, 05:44 PM #7
You also will need to consider the customer side for this, perhaps even stay in a htoel that offers these services currently to experience it from that side. I got to travel on company business recently (don't get to do that often) and stayed in a hotel that offered wireless access (there was no wired access available). Well, the company laptop did not have a wireless card, so I asked the front desk individual what I could do. It turns that they offer Linksys Wireless adaptors for their guests. I did have to have my credit card swiped in case I broke the adaptor, but other than that, it was free of charge.
When I got up to the room I hooked everything up. Quickly, I realized I had a static IP on the laptop so I had to reset that DHCP. Once that was done, it was working. When I fired up the browser, it brough me automatically to an agreement page (instead of my home page) that I had to agree to before I could proceed. That is something that you will need to consider having. Past that, everything worked great.
I wish I had a wireless card to see how they treated that. Do they require your MAC address and do fitlering that way, or do they provide you with a temporary key. It is not a wide-open network, I do know that. I am pretty sure the wireless adaptor I had used MAC filtering.
1. You will probably not need to offer wireless adaptors as you have the datjacks hardwired.
2. Consider the support aspect, as your night clerk will need to be able to do some basic troubleshooting for your guests (or you could have some sort of troubleshooting FAQ and give notice that that is the extent of your support),
3. Work with some lawyers and draft some sort of rock-solid usage agreement form. Make all guests sign this before they are given access. Cover your a....
4. You may want to start with just offering the wired access. Most, if not all laptops have a network jack. Keep it simple at first. Work on the process before upping the features. Make sure the internal security is solid and that the service is acceptable. See how this impacts your operations. When all is acceptable, introduce wireless access.
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
By cunokyle in forum Applications and Operating SystemsReplies: 1Last Post: October 12th, 2003, 06:31 PM
By John Prophet in forum Applications and Operating SystemsReplies: 11Last Post: November 26th, 2002, 09:21 PM
By air in forum Networking and InternetReplies: 15Last Post: March 20th, 2002, 02:50 AM
By highfield in forum Applications and Operating SystemsReplies: 9Last Post: January 20th, 2002, 02:58 PM