RE: broadband connections in hotels
From: Brad O'Brien (brad.obrien@brylade.com)
Date: 12/09/02
- Previous message: Kilian CAVALOTTI: "Re: XP admin shares"
- Maybe in reply to: Peter VE: "broadband connections in hotels"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@security-focus.com Date: Mon, 09 Dec 2002 14:36:22 -0500 (EST) From: Brad O'Brien <brad.obrien@brylade.com>
Greetings Peter,
From what you describe, one thing that you may want to try is allow
access to 192.168.x.x by IP only in the firewall rules as most of the webpages
from hotels are internal sites. This has it’s obvious disadvantages, so you
have to decide how much security you want to sacrifice in order to maintain
flexability for the user.
If they are external sites, then you could have the person dial-up
with the built in 56K modem and VPN into work, thereby using the corporate
proxy and then authenticate the password on the site in question. That should
activate the billing for a set period of time (usually one night) and allow
the user to then disconenct the dial-up and connect to the broadband
connection.
If all else fails, most of the hotels offering broadband to their
guests would have a PC that the front desk that has an unrestricted internet
access to that could initiate the billing on the travelers behalf.
Hope this helps,
Brad O'Brien
Operations Manager
Brylade Computer Solutions Ltd.
-----Original Message-----
From: Peter VE [mailto:peter.ve@pandora.be]
Sent: December 6, 2002 5:38 PM
To: security-basics@security-focus.com
Subject: broadband connections in hotels
Hi all,
I have a problem that has been bothering me for quite some time now
All of our laptops have a personal firewall.
THis means that they can connect to the internet (in terms of getting an IP
address and do DNS name resolution) + establish a VPN tunnel into the
corporate network. That's it... no browsing allowed, no email reading or
sending allowed....
When the users wants to access the internet, he has to establish the VPN and
use the corporate proxy server... better safe than sorry
The users are not able to change the firewall policy nor disable the
firewall... it's always running
The firewall is clever enough to detect when you are on the corporate
network (private IP + ability to resolve internal DNS names), when you are
on the internet (non-corporate IP address, or private ip address but not
able to resolve corporate internal DNS name), when you are using VPN and so
on... this really works well
Some hotels offer a broadband connection... but before you can access the
internet, you need to connect to a website, and enter a passcode (so proper
billing can be done). We are blocking all access so the user cannot access
this website...
This is bothering me... how can we set things up so the user can use the
local broadband connection,
without dynamically changing the policy,
without allowing internet browsing access at all times..
Also, keep in mind that not all websites are running on port 80... it could
be a different port...
Any ideas ?
thanks
P
- Next message: Louis Cypher: "Fwd: FW: XP admin shares"
- Previous message: Kilian CAVALOTTI: "Re: XP admin shares"
- Maybe in reply to: Peter VE: "broadband connections in hotels"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
