Wireless Security

9/1/2007

With new wireless technologies developing and old ones improving on a daily basis, it's inevitable that most hospitality organizations will eventually install a wireless network for internal use, guest use, or both. Several new wireless standards are in development that will make the technology even more attractive to hospitality IT professionals. Chief among these is a new wireless standard, 802.11i, which provides improved encryption for networks that use the popular 802.11a, 802.11b (which includes Wi-Fi) and 802.11g standards.

Security risks
Due to the nature of the hospitality industry, most wireless Internet access is provided to both guests and staff members. Although the wireless connection for staff members can be secured by using Wired Equivalent Privacy (WEP) or, even better, Wi-Fi Protected Access (WPA), the wireless connection setting is usually set as "unsecured" so that any user within the vicinity of the hotel or restaurant can connect. Regardless of the protocol used, 802.11i or otherwise, an unsecured network is just that -- unsecured. The "wireless anywhere" approach, however, seems to support guest preferences: according to a survey conducted by broadband services provider iBahn, a wireless network is the preferred method of connectivity for two-thirds of hotel guests. Security, according to the survey, is the second most important aspect to users after speed.

Herein lies the conundrum. Hackers target public access areas, such as hotels, restaurants, and airports, attempting to pilfer personal information from wireless users. The hackers then sell that personal information, such as a credit card number or bank account, on the Internet. Guests are most vulnerable as they transfer files or data over the unsecured public wireless network. They must use a virtual private network (VPN) to be protected. This creates several serious problems for guests who are rightfully connected to the network, as well as liability concerns for the provider of the service, namely, the hotel or restaurant.

Protection tactics
To protect themselves, wireless network providers, hoteliers and restaurateurs should publish a "terms and conditions of use" policy, along with a clear disclaimer, approved by qualified legal representation, to ensure that it will protect the operator and Internet service provider. If Internet access is outsourced to a third party, the hotel should make it clear to users that it does not control the access. The user would then be required to accept these terms and conditions to gain access to the unsecured wireless network.

Personal experience, however, indicates that more than half of the hotels do not require a liability release from Internet users, leaving the organization at risk. If a company or individual hasn't yet sued a hospitality organization because of a security breach over a wireless network, I predict they soon will.

The next step in protection is to offer secured wireless access (preferably WPA) whenever possible; for example, to hotel conference attendees. The third tool is to provide a quick tutorial to users when they are connected to the network. This tutorial can identify risks associated with being connected to an unsecured, public network and outline those tools that can be used to protect one's information (i.e. a VPN). Although this step may not result in users connecting to a VPN at that time, it will at least demonstrate that the hospitality organization employs reasonable care in providing and fulfilling wireless Internet connectivity.

Cihan Cobanoglu, Ph.D., CHTP, is associate professor of hospitality information technology at the University of Delaware. Share your questions and comments with Dr. Cobanoglu online at htmagazine.com or e-mail him directly at [email protected].
