4 ways to Implement Wi-Fi Security for a Hotel Group

Posted by C Jones on Thu, Nov 1st, 2018

Secure Wi-Fi is now something users have come to expect at hotels. Wi-Fi as a standard amenity when staying overnight at a hotel.  It’s reported that guests bring on average three mobile devices with them when checking into a hotel. They expect all devices to connect quickly and work well whether responding to emails, streaming movies or facetiming.

While Wi-Fi is considered customary, many hotels lack the necessary provisions to offer another standard – fully secure Wi-Fi.  Security must be a standard function of any IT network today.  Hotel Wi-Fi is extremely vulnerable to all sorts of threats. The very nature of Wi-Fi, with traffic from all devices broadcast over the airwaves, makes any public Wi-Fi network insecure. In general, hotels have not implemented business class Wi-Fi security and many hotels do not restrict the sites guests can view, which leaves them wide open to attack.

Why is hotel Wi-Fi considered especially risky?

• Unlike an organized network, users bring a plethora of devices that may lack basic security tools to protect themselves when online.  Some guest devices will undoubtedly come infected, threatening the computers of other guests as well as your business. 
• Many hackers specifically target hotels for their target rich environments.  One example is a well-known hacker group called the DarkHotel – they have been active for more than 10 years, targeting high profile guests such as politicians and C-Level executives.
• Some guests are more likely to visit questionable websites that are more dubious in nature than those they might access at work or home.  These types of sites are far more likely to contain malware and spyware that can infect the guest device or potentially spread throughout your wireless network.

Four basic steps you can take to take to ensure that your hotel’s Wi-Fi is protected.

1. Segment Your Wireless Network from your Business Network

This first step isn’t necessarily about protecting your guests from hackers or malware threats.  It’s actually about protecting your own network.  The last thing you want is anonymous users accessing your servers and workstations using the guest Wi-Fi.  The guest Wi-Fi must be implemented as a separate network that is clearly segmented from your business network.  You can segment your network using a series of virtual local area networks (VLANs).  Most any enterprise grade switch today has the ability to create multiple VLANs.  You can create VLANs for the following instances:

1. Create a VLAN for all of your business devices that are hardwired to the network.
2. Create a VLAN for your wireless access points to communicate with each other.  This VLAN keeps wireless AP management separated from wireless user traffic.
3. Create a VLAN for the SSID that your guests will connect to for Wi-Fi.
4. Create another VLAN for an employee wireless SSID

Constructing VLANs for each group of devices or users will limit the ability for many malware strains to propagate.  In other words, if a hotel guest brought a malware infected device or download malicious code over the guest Wi-Fi, the malware would be unable to spread to your corporate network.  The implementation of VLANs also creates the foundation to apply rules and policies to manage the traffic between these VLANs, prohibiting a guest or perpetrator from browsing the business network.  Segmenting your network is something you should have an experienced networking professional set up for you.

2. Only Offer Secure Wireless

It’s easy to set up open Wi-Fi and easy for your guests to access it.  Unfortunately, it is also easy for hackers to capture any of the wireless traffic generated by your guests.  Hackers can easily monitor which sites they are accessing and any data they are sending to unencrypted sites.  By securing your guest Wi-Fi with WPA2 encryption, all Wi-Fi traffic generated by your guests is encrypted and protected. When Wi-Fi is encrypted, your guests will be required to supply a wireless key (think password) in order to access the guest Wi-Fi.  Of course, you should also encrypt the Wi-Fi used by your business as well.

3. Enable and Configure your Firewall

 

Your hotel network will include some type of router device that separates your hotel network from the internet.  In most cases, this router will include a firewall to deter malicious traffic from traversing back and forth between your LAN and the Internet.  In addition, your access points may have internal firewalls as well. These can be configured to route guest wireless traffic straight out to the internet, completely blocking access to the other VLANs or company network.
 

4. Web Filtering
 

Web filtering should be part of every hotel Wi-Fi implementation.  For some users, the hotel web filter may be the only security mechanism protecting their device as many users fail to use endpoint protection or enable their internal firewalls.

Web filtering doesn’t mean you have to purchase and maintain hardware however.  There are several cloud based web filtering solutions that simply route all of your traffic through their filtering system.  A reputable web filtering system can block access to malware and credential phishing sites.  Many cloud based filtering solutions include a malware gateway as well that scans all web traffic for malicious code threats. 

Another added benefit is the ability to block other website categories that tailor to your clientele.  For instance, if you cater to young families, you may choose to block access to sites that contain adult themes or offensive content.  All of this can be managed through a simple web GUI interface using your web browser.

Secure Wi-Fi for Hotels from TitanHQ. WebTitan Cloud for Wi-Fi allows hotel operators to:

• Control content and online activities without any impact on Internet speed
• Block pornography and other inappropriate content to make the Wi-Fi network family-friendly
• Prevent users from engaging in illegal activity
• Block phishing websites
• Prevent malware and ransomware downloads
• Restrict bandwidth-heavy activities such as video and music streaming services
• Create user groups with different restrictions, allowing streaming or adult content for specific user groups
• Set web filtering controls for different access points
• Manage content filtering for multiple hotels with ease, no matter where in the world they are located.

To find out more about all of the benefits of WebTitan Cloud for Wifi, how secure WiFi for hotels can be provided, details of prices and to register for a free trial, contact the TitanHQ team today. Your guests will thank you for it.