How secure am I using a hotels internet?

TheBigCheese

TheBigCheese

TheBigCheese

Soldato
Joined
6 Sep 2005
Posts
3,781
Hi everyone

As per the title really, I'm going to be going to a hotel for a week from tomorrow and will be using the internet they offer.

I'm afraid I'm a bit clueless with exactly how safe it is to use...I don't know whether it will be a wifi hotspot or password protected, but how safe am I to connect to it.

Can I still do everything with my laptop such as logging into Steam, using my online banking etc. Will my computer be part of their network or will I be invisible to everyone including the hotel. Is my computer safe in other words?

It is probably a really dumb question but I'm really not up on network security. :(


Thanks very much.
 
Impossible to say without knowing the hotels network infrastructure.

It could be a nice and secure RADIUS setup in which case you would be protected from other people in the hotel or it could be a simple wifi hotspot job.

Assuming worst case, hotel staff & customers will have access to your traffic. This means unsecured non-ssl stuff is at risk.

Internet banking & shopping will be ok, not sure how steam authenticates but it's probably ok. Stuff like casual browsing and things like facebook are much more at risk. But be careful even with SSL, for example any certificate security warnings that popup, do not ignore them!

So if you are going to use it, use SSL where possible and just assume all none-encrypted stuff is being watched.

If you wanted to, a VPN could be used to make it safe.
 
Last edited:
What OS are you using? If you're using W7 set the connection to "Public" which usually does a good job of firewalling everything off. Update your machine too.

HTTPS connections should be fine, you could do with finding out which ones are and aren't though. Some email sites use a different URL for https for example.
 
Thanks for the replies guys. :)

It's Vista 32 home premium.

Hmmm, that doesn't sound so great, I'll be using it for work emails etc...:(

I think I might give them a ring and ask them, what should I be asking, is it simply "do you run a wireless hotspot" or is there anything I can ask them that someone on reception might be able to identify so I know it's more secure?
 
Chances are the person on reception isn't going to have a clue about how it's setup.

We run the guest services in a number of hotels and the hotel staff give out the WPA key but that's it.

How secure the networks are that we look after varies - it depends if we spec'd and installed the kit or inherited an existing setup. Where possible we deny inter-PC communication on the guest networks and some hotels will ask for content filtering.

Treat it as un-secure IMHO.
 
OK cheers! :)

So just to be clear...if I am connecting to a https it's secure between my machine and the destination - so encrypted through the router/hotspot/hotel in general.

Anything that's not encrypted - treat as if I was being watched.

What's the situation with my PC...are they able to see/access it or do I have to allow that manually?
 
If you have shares enabled on your laptop, others will be able to see them. I can't remember if Vista lets you set the type of connection as in Windows 7. If you are given the option of Public Network, Windows will automatically block any kind of shares while you use the hotel network.

It is probably safer to simply turn off your shares. As long as you have a decent Windows password, have Windows Firewall switched on and only view sensitive info on websites via HTTPS addresses, you should be fine.
 
people will not be able to see shares without having a login and password to the pc.

you could run an angry ip scan on the subnet that your ip is and you could get the ips of everyone in the hotel using the inet fairly easy. You could setup a honeypot and intercept traffic, but that is technical. This is another good reason to always use ssh tunnels when browsing the http.
 
Hopefully Vista will let me connect to a public network, that combined with a firewall will hopefully help.

So...VPN, SSN tunnels...any way of a literate but no way knowledgeable PC bod to get that sorted...tonight?

I'm not asking a lot am I...:eek::confused::p:o
 
You're forgetting about cookie-capture. A lot of sites may send the username/password via TLS however often the cookie for the authenticated session is returned HTTP - Facebook for example.

It ain't that difficult to capture someone's facebook or twitter feed. You don't get their passwords - but you do get access to their sessions.

Google Firesheep or see : http://www.youtube.com/watch?v=TTeUGlo_Hx8
 
Can you leave a PC on at home? Personally I'd just remote desktop to my home machine and browse using that via the internet, essentially it would be as if you were sat at home on your home internet connection.

The remote desktop connection should be secure and so it won't matter if you're logging into unsecure sites on your home PC because none of that unsecured data will be relayed via the hotel.

http://windows.microsoft.com/en-US/windows7/Remote-Desktop-Connection-frequently-asked-questions
 
TheBigCheese said:
So...VPN, SSN tunnels...any way of a literate but no way knowledgeable PC bod to get that sorted...tonight?
Click to expand...

My preference would be to 1) subscribe to an OpenVPN package from a reputable VPN service provider (PPTP at a push as the client setup may be easier) or, 2) for less money, rent a low-end Linux VPS and install OpenVPN on it.

With some assistance, possibly a few hours worth in the second case, you could have had something set up in the course of one evening.

1. I am not able to make a personal recommendation in this area. I did find one which had a no-quibble seven day money back guarantee though. Naughty :)

2. This is effectively administering your own Linux server and could be done for a matter of £3 for a month, quite possibly even less.
 
Last edited:
Seriously what are you doing in this hotel?

Unless your setting up nuclear launch codes or something why do you need your security to be so high?

For normal activitys an upto date AV/Firewall solution and enough wits to not have publicly shared folders on your laptop are more than enough.

Ive worked on multi-billion dollar contracts over hotel networks just dont be an idiot and send anything thats important and confidential encrypted.

If your really that worried about somebody getting into your facebook then i suggest you spend more time in the bar and less time on your laptop.
 
Thanks for the posts guys!

Unfortunately I can't leave the PC on at home, the net connection can be a bit unreliable sometimes so it could just drop out.

Thanks for the link ncjok, I'll have a look into it, I am getting pushed for time now though. :(

The main things I would want it for would be checking my email which is setup on the laptop using Thunderbird - is that something that would be unsecured as it's contacting the server to download mails etc.? I will also be needing to log into a couple of forums - including this one, would that be safe or am I better to just browse and not post for a week (the horror!).


House...troll much?
 
There is a definite risk vs convenience factor. The likelihood of something really bad happening is quite small if you follow some of the basic advice in this thread, and if you're still concerned just change your passwords when you come back.
 
TheBigCheese said:
So just to be clear...if I am connecting to a https it's secure between my machine and the destination - so encrypted through the router/hotspot/hotel in general.
Click to expand...

Whilst operating at a lower level on the OSI model to HTTP, HTTPS will encrypt from the transport layer, over the connection to where ever it's going, then be decrypted so in that sense yes you'll be fine.

I've always been a little wary of using hotel hot spots.

Most of the time you're probably fine but the last 2 times I've been away and needed to use them I've been on security related training courses so have been extra paranoid knowing what's being taught to everyone that week :)

Easy option for me is my folks have a small office and their router can act as a VPN endpoint, so I just set myself up to 'dial in' through their VPN if need be.

Upside is encrypted tunnel, downside is it's slower as their connection isn't the best :p
 
Last edited:
You must log in or register to reply here.
Back
Top Bottom