Security Expert Exploits Hotel Network Vulnerabilities | Top Stories | Hospitality Maga... - 0 views
-
IP Telephone
-
unplugged the IP Phone and plugged the phone's Ethernet cable into his laptop. It booked up to his Backtrack Live CD
-
Jason Ostrom, Vigilar senior security consultant, was given access to a hotel room and told to find out if he could break into their corporate network through the IP TelephoneÃÆ’Æ'Æ'ÃĥÂ.ÃÆ’Æ'Â.ÃÆ’.Ã.•¬Ã…¡Ãĥ¬ÃÆ’Æ'Â.ÃÆ’.Ã.•¬Ã…¾ÃĥÂ.s network connection
- ...7 more annotations...
-
Jason was able to penetrate through to the data network by using a combination of techniques he calls VoIP Hopping. This type of VLAN hopping attack is just one of the attack vectors being used by attackers today
-
protect against VoIP attacks Ostrom recommends putting a firewall between the Voice and Data VLANs. By putting the Voice VLAN on a separate DMZ of a firewall, many current attacks can be thwarted. It is important to lock down the firewall so that only protocols used by IP Telephony are allowed to flow
-
An unssuspecting person check into a hotel like any normal person would. The ever so common exchange, credit card for room key took place. The only difference was that the person that checked had done so with other intentions. The "guest" utilized an IP Telephone that was in this hotel room to hack into the hotel credit card database and steal credit cards, transmit them to a foreign country and then have money transferred to his offshore bank account. This happened but at the hands of Jason Ostrom, aa Vigilar senior security consultant. Ostrom was able to unplug teh telephone in his room, plug in the phone's ethernet canle into his laptop and hack away. Of course, he did this as part of his job in testing a company's security agaisnt viral hackers. His company offers free security testing using a downloadable software called VolP Hopper This article was extremely interesting because as a frequrnt traveler as well as a perosn in the hospitlaity industry I was very shocked at the ease that the credit card information could be stolen. When it comes to credit card security it is of the utmost importance for companies to be PCI compliant and spend whatever it is necessary to safeguard the information of their customers. The detrimental damage that a security breach can have on a person can be debilitating as leaders in the hospitality industry we must do everything possible to prevent attacks like this from happening. made me become extra cautious about using my credit cards.