I’m on travel and asked the gal at the front desk just how secure is the hotel’s broadband network. She assured me each room has its own account password and firewall, so it’s safe to remain connected to the Internet 24/7. I responded that I didn’t enter a password when I first logged in.
Should I be using my own firewall or is it reasonable to assume that a “good hotel” (whatever) has sufficiently robust security? In short, is it likely someone can hack into my system?
Dumb question: Does this mean the hotel has a wi-fi system?
Always, always, always have a firewall on your PC when you are hooked to any network you are not 100% sure of. No matter where it is.
Using a variety of tools, I have been able to find machines all over my current hotel. I didn’t attempt to penetrate any of them. But, I’m sure at least some of them would be found vulnerable.
ouryL’s post is kinda incoherent. There is an NT/XP service called remote access, but disabling it would kill all network functions, which wouldn’t be so fun. Perhaps he/she’s just saying you should turn off all services you don’t need, which is a good idea, but time consuming and difficult for even ex-Microsoft technicians to make sure they got it right.
A decent firewall will block everything, and make you explicitly allow things, making sure you know they’re there. Having one is a good idea whenever you’re connecting your hardware to an un-trusted network. None of my home PCs use them, 'cause everything goes through my linux router/firewall first. If I had a laptop to bring to work though, I’d make sure it had one.
Never trust any network more than you have to. If you have to go online, you have to go online, but you should do so with the assumption that the network is insecure. Most wireless networks, especially, are set up for ease-of-use over security. And no offense to the gal at the front desk, but unless she’s also the hotel’s network admin, she likely has no idea how good the security actually is.
There are a few distinct parts to the security issue:
Whether anybody can “listen in” on communications between your computer and the destination website.
Basically, all but the best-configured wireless networks are vulnerable. Your hotel’s doesn’t sound like one of them, according to your description.
If possible, the best thing to do would be to use a VPN tunnel instead of accessing the Internet directly. Some companies offer this to their employees, but if you don’t know what I’m talking about, it’s probably not a practical solution. Failing that, try to use only “secure” sites (sites that use SSL and display that little padlock icon), which will remain secure even through wireless networks.
If the site is not secure, I believe it is theroetically possible for hackers within the wireless router’s range to crack the key and monitor your transmissions. Whether anybody is actually bored enough to sit there and do that is another question.
Whether your computer is allowing connections from the outside.
As for whether anybody can “hack in”, it depends on whether you have any vulnerable programs running. It’s hard/impossible to say. People can’t just hack in by connecting to your computer; they must exploit vulnerabilities in programs on your computer that are already connected. Unfortunately, these may exist with or without your knowledge and new vulnerabilities for various programs are discovered all the time. It’s like asking if your house can be broken into it – it depends on how good your security system is and who you’re trying to protect yourself against, but even then, you never really know until it happens. There’s no one answer.
However, if you have a firewall, you should be safe. People can’t hack in if your firewall isn’t accepting connections from them, but see #3.
Whether your computer itself is secure.
This is the thing you have the most control over, and it is also the most important. If your computer itself has been controlled, nothing else you do will matter. Make sure you have the latest updates from Windows Update. Make sure you have a good antivirus program and, preferably, an anti-spyware program as well. Keep them both up to date (in addition to the firewall, of course). Use Firefox instead of IE if possible, and if using IE, turn off ActiveX. Use Thunderbird instead of Outlook Express if possible.
The reason for this is that even if the firewall is preventing people from connecting, rogue programs on your computer may be bypassing it and letting things in anyway. To use the house analogy again, a state-of-the-art security system with lasers and tripmines and whatever won’t do jack if your roommate is letting strangers in on purpose.
To summarize:
– If your PC is secure and the site you connect to is secure, you’re safe.
– If your PC is secure and the site you connect to is not secure, your PC will remain secure but the information you transmit is not safe. But if the info is really that confidential, you should be using a secure connection to begin with.
– If your PC is not secure, then you’re already in trouble. All bets are off.
And to answer your other question… if you’re connecting to their wireless network using a regular laptop, then yes, it’s safe to assume that it’s Wi-Fi. You’d need special equipment to connect to other kinds of wireless networks.
Thanks for the detailed answer. I have all the Win XP updates, AVG updates, and have Zone Alarm and another firewall called Private Firewall with anti-spyware. (Whatever.) I don’t surf porn, mainly just news related and financial related sites. The files I’m using are mainly Word and Excel. As a safety measure, I’m keeping the sensitive stuff on a flash memory stick, attaching to the PC only when I have the firewall slammed shut.
Problem is, the firewall is always asking me for permission re: incoming/outgoing packets. Some have msn prefixes, which I interpret as related to the ISP/portal I’m using. But some say stuff like generic host yadda yadda. I’m not sure what I shoul be saying yes and no to. I just this second got a request for a Zone Alarm packet of some kind.
If I slam the lid on everything, I know that’s very secure, but I doubt I can surf much. Is there a site that tells me what these incoming/outcoming requests really are?
You should usually be able to Google for them. It’s true that some programs may masquerade under other names, but hopefully that’s where AVG comes in.
If you’re willing to pay, I think the pro version of ZoneAlarm comes with something called “Alert Advisor” which gives you advice on programs and whether they’re safe to allow.
If the it is moderately busy, a wireless network using WEP can be broken in a matter of hours. It’s definitely not safe to assume that a network using WEP is secure. There is a new standard called WPA, but I don’t know how widespread it is.
And while it’s easy to break the code on a WEP network if there’s enough traffic it’s norlammy people trying to gain Internet access IMHO as opposed to peeps who want to delete/copy your personal files.
What I’d like to know if how each room has it’s own firewall!
Yes, but they could also intercept anything you send on the network. So don’t send any information that you don’t want others to see over a wireless network, unless you’re using a secure connection(with SSL, for example).
