GuestMaster
Guestmaster is supplied by GuestMaster International Ltd. This billing system allows for integration with 3rd party products such as telephone systems and pay-per-view TV in hotel rooms.
Guestmaster Broadband Internet Protocol
Guestmaster have written a specification to allow 3rd party broadband Internet access systems to integrate with the billing system. This uses simple csv files that allow the two systems to communicate guest identity and usage information back and forth.
Whenever a new guest checks into a hotel, the Guestmaster system exports a csv file detailing which guest is staying in which room and the amount of credit available to the guest. From this information, FireRack can derive a list of room numbers, and therefore the switch ports for which Internet access may be allowed.
When a guest uses the FireRack web-based system to request Internet Access, FireRack updates its table of authorised Internet users, including the agreed price/package deal purchased. This table is then merged with other information, such as product codes and VAT rates and exported to another csv file which is then read by the Guestmaster system.
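An added example, not code from GuestMaster or FireRack, of the csv round trip described above: validate the check-in file, derive the switch ports that may be offered access, record a purchase, and export the billing rows. The column names, room-to-port map, product codes, VAT rate and the rule that credit must cover the gross price are all assumptions made for the example; the Guestmaster specification itself is not reproduced on this page.

```python
import csv
import io
from decimal import Decimal, InvalidOperation

# Constructed check-in export; this column layout is assumed, not the real spec.
CHECKIN_CSV = """room,guest,credit
101,A. Smith,50.00
102,B. Jones,0.00
1o3,C. Brown,20.00
"""
# Hypothetical site data: room -> switch port, package -> (product code, net price).
ROOM_PORT = {"101": "sw1/1", "102": "sw1/2", "103": "sw1/3"}
PACKAGES = {"room-1night": ("INET01", Decimal("10.00"))}
VAT_RATE = Decimal("0.175")  # assumed rate

def load_checkins(text):
    """Return ({room: credit}, rejected_rows); unknown rooms and bad credit are rejected."""
    ok, rejected = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        room = (row.get("room") or "").strip()
        try:
            credit = Decimal(row.get("credit") or "")
        except InvalidOperation:
            credit = None
        if room not in ROOM_PORT or credit is None or credit < 0:
            rejected.append(row)  # never open a port on the strength of a malformed row
            continue
        ok[room] = credit
    return ok, rejected

def allowed_ports(checkins):
    """Switch ports on which the authorisation page may be offered."""
    return sorted(ROOM_PORT[room] for room in checkins)

def authorise(room, package, checkins, authorised):
    """Record a purchase only for a checked-in room whose credit covers the gross price."""
    code, net = PACKAGES[package]
    gross = (net * (1 + VAT_RATE)).quantize(Decimal("0.01"))
    if room not in checkins or checkins[room] < gross:
        return False
    authorised[room] = (code, net, gross)
    return True

def export_usage(authorised):
    """Build the csv handed back to the billing system."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    writer.writerow(["room", "product_code", "net", "vat_rate", "gross"])
    for room in sorted(authorised):
        code, net, gross = authorised[room]
        writer.writerow([room, code, net, VAT_RATE, gross])
    return out.getvalue()
```

The mistyped room "1o3" in the sample is rejected at import, so room 103's port stays closed until a valid row arrives.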
The Guest's perspective
The guest's interaction with the systems begins when he or she plugs into the network socket in their room. The FireRack firewall automatically issues an IP address to the guest's laptop.
When the guest opens their web browser, they are automatically redirected to FireRack's Internet Access Authorisation page. This page explains the system to the guest and offers them a choice of packages. For instance, the Hotel might offer:
- One night room-only package
- One night room and wireless package
- Two night room and wireless package
Once they've chosen their package and agreed to the charges, they are immediately granted Internet access from their room. If they have opted to have wireless Internet access from the lounge and garden, they are additionally prompted to set a login and password for their account.
When a guest who has opted for wireless access takes their laptop to an area of the hotel equipped with a wireless access point, they are again automatically issued with an IP address. Before they can access the Internet they are asked for their login and password. Once they have been authenticated, they are permitted unrestricted Internet access.
Wireless Network - Problems and Solutions
Wireless networking is by its very nature less secure than wired networking. The first issue is a lack of certainty as to the location of the client machine. Unlike wired networking, it is not possible to say that a guest is in any particular room. It is not even possible to be certain that the client is in the building.
Identifying the Guest
It is far more important to know who the client is than to know where the client is. The identity of the guest can be verified by login and password authentication. This login and password will have been issued at a time and place where their identity was verified. This may have been at the reception desk or, as in the scenario described above, when the guest was in their room on a wired network.
Encryption - Securing wireless and avoiding freeloaders
Wireless networks are potentially open to eavesdropping and identity theft. Without good authentication and strong encryption, it may be possible for drive-by hackers to intercept logins and passwords from legitimate network users.
All wireless network cards sold over the past few years support a type of encryption called "WEP". A secret key needs to be programmed into a laptop before it can operate on the network. However, the means of configuring this key has varied from manufacturer to manufacturer, and from one version of Windows to the next. This makes it impossible to provide a definitive set of instructions that will work in all cases. If the guest has prior knowledge of how to input a WEP key, they'll have no trouble. Otherwise this will be an off-putting step for them to perform. Instructions on how to add a WEP key can be given for the most popular wireless cards.
Luckily, Microsoft Windows XP supports the EAP/802.1x protocol which provides a very simple solution for all of this. As the Windows XP laptop connects to the wireless access point, the user is immediately prompted for their login and password. The instant they are authenticated, they are issued a unique encryption key automatically. No other guest has this key, and consequently no other guest can decipher data going to or from that machine. This means that under Windows XP, connecting to the wireless network is both easier and more secure than it is on older operating systems.
Compromise and mitigation
Some guests using older operating systems and less popular wireless cards, who may not know how to add a WEP key themselves, might still want to use the wireless network without encryption. This can be made possible by using access points that can simultaneously support both encrypted and unencrypted users. Cisco access points can operate in this way and are recommended for use with FireRack.
When a guest attempts to join the network, they'll be offered a choice between two "virtual" access points, distinguished by their names. For example, a single Cisco access point can announce itself as "HotelRoyal-standard" and "HotelRoyal-secure". A user choosing the "standard" option does not need a WEP key.
Operating without encryption is not generally a problem as long as the guest only uses logins, passwords, email and credit cards on secure web sites and mail servers. For instance, all banking web sites have built-in encryption, as does PayPal. The FireRack Guest Login site also has built-in encryption. It is only when the guest accesses run-of-the-mill unencrypted web sites that their data is at risk. The FireRack login page will warn the guest of these dangers and advise them that they are using the service at their own risk.
Last modified 2004-06-05 07:00 PM