If you have ever stayed at a Hampton Inn, you are probably very familiar with the Internet intercept website they use to ask for the Internet access code.  That intercept page also includes a checkbox asking if you are an advanced VPN user.  I have alternated between checking and not checking this box without any noticeable effects on the performance of the CoNetrix VPNs.  Without doing much research into it, I made the assumption that it was probably opening VPN-related ports.  However, on my last audit, I was working with a virtual system on my laptop that we use often at banks, but I had never needed to turn on at a hotel.  I had some IP address problems with the virtual machine and, during the troubleshooting process, discovered my laptop had been given a public IP address by the hotel’s wireless Internet connection. 

After some tests, I verified that it was a real public IP address that was directly accessible by anyone on the Internet.  A coworker was on the audit with me, so we checked his IP config, but he had a private IP address.  Checking the “advanced VPN user” option on the hotel’s website had assigned me a public IP address, presumably to avoid any NAT issues that might foul up a VPN connection. [more]

The experience was a good reminder to me to make sure my laptop security is up to date whenever I use a public network.  We don’t always know how public connections are configured or who else is connected.  At any hotel, our laptops and network traffic are exposed to any system connected to the hotel’s local LAN.  However, at least in this one case, my laptop was also directly exposed to the entire Internet.  In either case, a strong firewall policy (block all inbound connections, make sure the network connection is designated as “Public” and not “Private” or “Domain”) and a fully patched system are very important.