Design Project For A 5 Star Hotel

Published Date: 02 Nov 2017

Economic globalization and diverse development trends keep on intensifying the competition in the hotel industry. The success depends on the restructuring of the conventional system with the aim of reducing management costs, improving service quality, attracting more customers, and satisfying customer expectations. For instance, hotel chains are developing rapidly and enjoy a strong competitive edge, thanks to cutting-edge information technologies and advanced business models that implement branding, chain operation, and standardization strategies. This project is focused on WLANs and associated wireless technology in a 5 Star Hotel in Rio (Brazil) in preparation for the Fifa World cup 2014. A comprehensive and holistic approach is required in order to truly derive an overall understanding of the complex, integrated and inter-dependent aspects of IT at the time of addressing the key aspects of technology such as WLANs. Hence, further to wireless technology, the guide also delves into security issues. This area should be further addressed in order to gain a comprehensive understanding and view of wireless technology’s role within your district’s overall IT strategy.

Table of Contents

Acknowledgement ii

DECLARATION iii

Abstract iv

1. Introduction 1

Background of the project 1

Aim of the Project 2

Current Scenario & Requirements of the Project 2

Methodology 5

Risk Assessment 5

7

Gantt Chart 7

2. Network Security at 5 Star Hotel 8

3. One Net Hotel Chain Proposed Solution 14

4. Wireless Access 20

5. 5 Star Hotel Security Proposed Solution 25

References 34

1. Introduction

Background of the project

It is critical for every computing system that renders support to a number of processes that there must exist a mechanism to allocate resources of the concerned processes along with the policies that govern access on the basis of the rights provided to one of the processes when discussing the resource allocation. Therefore, it is overtly evident that in a conventional timesharing operating system, the policies governing authorization and resource allocation are required to be rendered by the principal process, which could be, for instance, at the time when the application sends a system call. However, in case of networking, firewalls or proxies can play a momentous part in enforcing policies for individuals and/or sessions datagrams that seek to overrun the limitations in place with the aim of establishing a link between the inside and the outside environment (Borisov, 2009, pp. 208-211).

The wireless technology has ostensibly grasped the attention of the market and now Wireless LANs can be seen everywhere whether at the office, at home, in the hotel, in the coffee shop or at the airport. However, the wireless concept has its roots in the wireless modem of the early 90’s. Moreover, the early wireless modems were originated and specially designed for single peripheral devices that basically required a way to allow devices to transfer the computer data which primarily includes sending and receiving the data. The speeds of the modem had grown accustomed to more than adequate for the task. Industry professionals who drawn their heeds to this new emerging field are typically from the Information Systems Networking field, having a strong background in the concepts of wired LAN, MAN and WAN. Besides them, the professionals from the Radio Telecommunications field with an in-depth experience in wireless communication are also interested in this regard. However, this Wireless LAN field requires some degree of expertise in both (Crowston, 2011, pp. 107-109). The hardware is required to be added in the concurrent system as the extension of the Access Layer requirements of the network however, the Air Interface needs entirely distinctive set of skills.

In order to begin with, we need to start by defining a VLAN that is a secure application-based system which can be used to protect a specific service through unauthorized attempts to obtain the right to use without making the considerable modifications to the hosts and merely necessary adjustments to the presently implemented standard components of a LAN. Following this, we would analyze a case study that would reveal how the selected approach can be executed to IP telephony. Lastly, we would share our experiences in this study from a first-time implementation of an S-VLAN system (McKnight, 2008, pp. 166-168).

Aim of the Project

This project is based on Network Design Project for a 5 Star Hotel in Rio (Brazil) in preparation for the Fifa World cup 2014.

Current Scenario & Requirements of the Project

Hotel Infrastructure

• The hotel has ten floors along with fifteen rooms in each floor.

• The Hotel also has one reserved room on the ground floor specially, where all the networking equipments are stored.

• The hotel has a spacious lobby and a relaxing swimming pool area.

• The hotel also has a conference room located on the First Floor.

• The hotel also has the DSL high speed Internet available for the public use.

Networking Requirement

• All the rooms must include installed computer systems.

• The computers in all the rooms should have the internet connection.

• The swimming pool area and lobby must have the wireless access to the internet.

• It is also required that Conference room must have wireless internet with the accessibility of Video conference.

• The hotel must ensure the free internet facility and accessibility to the guests in the rooms.

• The computers should have installed the appropriate security software.

• The hotel management staff and the guests should be on different networks.

• There are total of thirteen users on the hotel management who need computers.

• A hotel management server must have separate setup for the use of hotel management staff which should not be accessible by the guests.

• There should be secured wireless access in the lobby and swimming pool area.

Requirement Analysis

• The DHCP Server is required for providing the separate IP addresses to the guests and the Hotel Management staff.

• Anti-virus software needs to be installed on all the computers for protection and security purposes.

• A server machine is to be setup for managing the hotel management application software

• A webserver is required to be setup to allow and ensure the access from outside the hotel network

Network Design Strategy

• It is required that the guests and hotel management must be having two different IP networks. The proposed IP network for guests is 202.168.1.0/24 and for hotel management is 202.168.2.0/24.

• For the separate network setting, a VLAN based infrastructure is proposed to segregate the guest and management networks.

• The guests must be disallowed to have the accessibility of Hotel management application server through the configuration of An Access control lists.

• A single DHCP server with multiple scopes is to be setup in order to provide differential IP addresses to the users and guests.

• Access points need to be configured and installed on each floor or placed on strategic points so as to allow un-interrupted wireless connectivity to all guests in their rooms.

• Access points also require to be configured as well as installed in the lobby and swimming pool area.

• The wireless communication in the lobby and swimming pool area must be secured and protected with encryption algorithms such as WPA/ WPA2.

Methodology

The research for the paper is secondary in nature, which has been conducted by making use of the existing data. The major information about the subject has been extracted from the literature which was primarily sought from articles, journal and textbooks. The qualitative research approach has been selected for conducting the study. However, the core reason behind selecting the qualitative research was that the research requires subjectivity and the vast information which can only be obtained through the qualitative approach that is merely subjective in nature when compared with quantitative research and makes ostensible use of contrasting methods of data collection. These methods could be primary or secondary in nature but as stated previously, we shall be using the secondary methods for data collection. The primary criteria for selecting the literature were based on the relevance of the issue and the year in which the study was published. Private and public libraries, in addition to online, were accessed in order to gather the pertinent information. The online databases used were Questia, Emerald, EBSCO, Phoenix etc.

Risk Assessment

Planning is the fundamental and indispensable function of the management and acquires the central role in any project which is essentially concerned with ‘how and when’ to achieve the predetermined objectives. Planning is the essence of setting all other functions of the management such as organizing, staffing, directing, motivating, coordinating and controlling.The key purposes of planning are listed below:

Analysis

Anticipation

Scheduling resources

Co-ordination and control

Production of data

Figure 1: Risk Assessment planning

"With the plan as a road map, telling us how to get from one point to another," says Hallows. Therefore, this shows that a good project manager recognizes and always acquainted from the outset that a project plan is more than just an academic exercise or tool for appeasing the upper management. It is the blueprint for the entire scope of the project, a crucial document of the project which is frequently referred, often updated on-the-fly, and which is something without which the project manager cannot be progressed.

Major Risks that Could Affect the Delivery of the Project

Risk 2: Not have enough capability of making efficient decisions

Risk 3: Inadequate access to Project Manager of Reporting Authority

Risk 4: Insufficient authority of project manager

Risk 5: The number of decision makers far exceeds than the requirement

Risk 6: Consumption of precious time on insignificant or petty affairs

Risk 7: Significant changes will be made in the project at a later stage

Risk 8: Not keeping in mind the timeline of the project

Risk 9: Inability to recognize casualties

Risk 10: Malfunctioning

Figure 2: Number of risks for the Project

Gantt Chart

TASKS

Days

1

5

9

11

15

19

24

30

36

40

45

49

51

53

58

60

Porject Initiation

Planning

Kick off meetings

Architecture set up

Network Construction

Hardware & software Installation

Implementation

Monitoring

Controling

Project Completion

2. Network Security at 5 Star Hotel

A hotel must certify the security and protection of customer information and of its own network devices and business files. Therefore, the network security is a crucial part of the intelligent management system which must prevent threats from internal users, defend against hackers, guarantee communication security and deplete the other dangers between the head office and branches, and output data for audits by security authorities.

Wireless network traffic flows through the air interface which is in an open medium which is overtly considered insecure. Therefore, the network administrator must be aware of the types of security related threats and must opt for some of the solutions available to mitigate those risks. The attacks as well as threats against the wireless network cannot be completely prevented and only proper responses and the effective monitoring of the network can reduce the risk associated with the wireless portion of a network. In most of the scenarios, the basic role of wireless network is to create access to a network which is already in place or the Internet. So, this requires the authentication and segmentation in order to actively manage the network to monitor who gets access to specific network resources. As because the wireless technology has greatly been implemented into enterprises where security is mandatory, so for that purpose the wireless traffic needs to be protected (Beyah, 2011, pp. 121-126).

Security in all networks is woven into the security policy of the enterprise which is accountable for answering the following questions such as how sensitive is the data available on the network? What are the possible threats if data is compromised? What actually extanuates the acceptable use? In addition to it, it is usually combined with an authentication scheme to make sure not only of the authorized use but effective encryption as well. The wireless network can be leveraged on most of the existing wired network user authentication methods.

The encryption holds the immense importance therefore, two basic concerns that 802.11 clients and APs must take care about are authentication and encryption. This is considered as the essence of security. Authentication therefore verifies the content of the packets of information drifting between the trusted wireless devices, such as a laptop and an AP. Subsequently, encryption makes sure that only trusted wireless devices or entities can use as well as read the information. There are a copious technqiues which can be used for the purpose of security therefore, encryption along with the authorization is the best technique where the encryption and authorization can separately be used or sometimes a mixture of both can be used. The following would be breifly shed light on these techniques mentioned here (Bittau, 2009, pp. 263-269).

The technological shift has also brought the change in wireless security issues where wireless security has also gone through an evolutionary stage in order to make use of more vigorous methods for safety and security. APs have the option of employing the authentication from a variety of methods that would consequently allow leverage to external servers of authorization and authentication to the pertinent user databases. The EAP of the Extensible Authentication Protocol is the groundwork of a number of wireless security techniques which have been provided similar initials, for instance, PEAP, LEAP and EAP. Hence the EAP is extendable as well as compliant to copious numbers of secure environments. However the historical record of EAP can be traced back to PPP that is Point-to-Point or dial-up communication, which is not basically characterized as wireless authentication. As stated above, the IEEE 802.1X protocol serves a port-based-authentication. In other terms, it actively acts as a process to provide accessibility to users that want usage of switch ports. However, the individual users can be identified at the second layer before the provision of accessibility of the wireless network which can only be possible with the use of IEEE 802.1X. Wireless LANs can work as the guiding mechanisms with the execution of EAP at the second for active wireless users. Therefore, the following mentioned methods of security can be found in a typical wireless LAN;

PEAP

LEAP

EAP-TLS

EAP-FAST

The sheer number of security techniques available have made it perplexing and confusing to understand the competencies and purposes of each of the techniques (McKnight, 2009, pp. 81-82).

The Transport Layer Security (TLS) is employed to provide security to the client authentication process for the EAP-TLS techniques. The Transport Layer Security is developed on the Secure Socket Layer (SSL) which can usually be found in private web browsing sessions. In addition to it, the EAP-TLS makes use of digital certificates that act as the verification or as credential for authentication. This means that all wireless and AP users must possess a certificate that is produced and authorized by a mutual certificate authority or a CA. The EAP-TLS also takes care of privacy related issues in case of wireless data with the help of WEP keys that are fundamentally fashioned automatically whenever the authentication server requires the user to validate once again. The key generatedTransport Layer Security is unique and distinctive for every user of a wireless LAN that is also constructive is generating a discrete WEP key. This key is than employed to decode wireless data of a user.

Similar to the EAP-TLS the PEAP requires an exclusive certification solely on the server of authentication just to make sure and allow the validation of the server for the client using it. The second version of Microsoft Challenge Handshake Authentication Protocol ensures the authentication of the network. Same is the case with the EAP-TLS, the Transport Layer Security key is required to produce a WEP certificate to decipher the stream of wireless data. The certificates or keys see changes that take place as the server for authentication demands client to re-authenticate (Blinn, 2010, pp. 144-148).

The EAP Flexible Authentication via Secure Tunnelling or we can say it simply as EAP-FAST which is method for wireless security that was created by CISCO. However the name of this method is not based on the speed, instead due to the flexibility of the system to exterminate complexities in administration and implementation. Morever, under this system, the users are not required to have a certificate and do not have to comply with any firm or strict policies or password issues to obtain the accessibility. The EAP-FAST functions by creating a bridge or a passageway that connects and links the authentication server and the users altogather. The PAC or Protected Access Credential is required as the single user credential to create the connection. However, once the link is formed the user can get the validation by entering a username and a password to obtain network accessibility. The EAP-FAST can construct the WEP certificate which can enable the decryption of the stream of wireless data.

The authenticator or the supplicant is activated as well as programmed to adhere with the unauthorized condition in case when the system discovers the new user over the wireless system. Under this unauthorized condition, only the traffic from the IEEE 802.1X would be allowed to have the access. However, the rest of the traffic or for the traffic originating from HTTP and DHCP would be strictly restricted by using a firewall (Wong, 2008, pp. 128-131). The authenticator then conveys the EAP-Request credentials to the supplicant. Following this, the supplicant then transmits the EAP response data packet which the authenticator send through to the server, which is generally the RADUIS server. The server for authentication can even reject or accept the request of EAP and if the EAP accepts the forwarded request, the authenticator would then switch the state of the port to authorized , thus continuing the DCHP and HTTP traffic in a normal manner. The time at which supplicant logs off, a message is sent towards the authenticator communicating the condition. Accordingly, the authenticator, on reception of the message, reverts the condition of the port back to unauthorized, blocking all HTTP and DCHP traffic once again.

In the WLAN world, 802.1X by itself is a Port-based Access Control, a flexible authorization scheme that can effectivetly work with WPA, WPA2 or 802.11i technologies. It is typically combined with an authentication protocol, and as a pair they provide a secure authentication and encryption key rotation mechanism.

Cost Effectiveness

The hotels are expecting a cost-effective network to maximize return on investment with the aim of squeezing the profit with the intention of depleting the competition present in the industry. The all IP networks that are currently replacing traditional TDM, CATV, and analog networks offer strong economic viability; for instance, an integrated IP platform ensures the high speed data transmission channels as well as voice communication, while allowing customers and hotel staff to communicate at the global scale.

Figure 3: Uniform IP Platform

3. One Net Hotel Chain Proposed Solution

Network Requirements

The hotel chains generally offer between 50 and 300 rooms. However, a hotel chain with 200 rooms can accommodate about 250 customers, although business conferences and press briefings can also escalate the concrete number to 500 customers. Therefore, it is assumed that the network quality directly influences customer satisfaction and for this purpose, a hotel's network must have adequate bandwidth resources and must offer continuous, high-speed transmissions (Byers, 2009, pp. 314-328). In order to improve a hotel's service, obtain a high star rating, and provide value-added services, the basic network must carry voice, video, and data services while ensuring wireless service security and the QoS of voice services. The internal hotel office network bears the services of the management, and financial systems, which requires that the network must deliver high bandwidth, link redundancy, and security design.

Proposed Solution

Figure 4: Internal Hotel Office Network

There are copious benefits underlying the effective integration of the room service, hotel management systems and isolating services such as: the design ensures the security of the internal hotel network and customer services, lessens network construction and maintenance costs, and shrinks egress link lease fees by using a VPN (Byers, 2009, pp. 314-328). Foreground services are transmitted in different VLANs before being broadcast to the core switch through aggregation switches. This proposed solution simplifies the process of storage of data, employs service interworking and association, offers unified network management, and abridges the O&M. The AR G3 series of routers such as the AR3200 and AR2200 series, are the optimal choice for the egress under the proposed solution. The AR G3 routers integrate the firewall and IPSec VPN and provide hardware-based QoS technologies in order to ensure quality of service without distressing the forwarding performance. Moreover, Voice, video, and data services are processed on the AR G3 by effectively using the HQoS. Hence the expansion of 3G services ensures 3G as a cost effective connection backup mode that can replace the legacy dual-line backup (Park, 2010, pp. 121-125).

The S7700 core switch controls wireless users through a built in AC board. The aggregation switches convey outstanding performance, competence, and consistency using redundancy and load balancing.

The preceding figure shows that devices in the core telecommunications room monitor multiple buildings and centrally manage data. The vertical subsystem connects the building and floor telecommunications rooms using a low voltage system. The building gateway telecommunications rooms holds floor switches and the devices of some distributed subsystems. The devices in the building gateway telecommunications room aggregate the core services of a single building (Burns, 2010, pp. 194–196).

The horizontal subsystem employs the APs or access switches to connect to each of the service systems with the center of telecommunications room. Since, the hotel investment features can vary in terms of scale and building structure and the proposed solution can also differ in terms of device selection, bandwidth, networking, network architecture, cable layout (Walk, 2010, pp. 133-138).

Selecting Access Devices

At times of selecting devices the PoE can be used in wireless areas where in;

• switches that can provide remote power for APs.

• Across the hotel chain, use the S2700 series as access switches because they ensure excellent control and management along with the provision of various 100M access switches (Blinn, 2010, pp. 144-148).

• S5700 switches can also be used as it ensure the 1000M access switches at the access layer as they incorporate advanced technologies with the capabilities of strong service expansion. The S5700EI or S5700SI is a cost-efficient 1000M Layer 2 switch that can use 10 Gbit/s fibers as uplinks. This allows high bandwidth for each user or terminal that meets the requirements for heavy traffic of multimedia services.

Selecting Core Devices

At the time of selecting the core device, the following points must be taken into consideration;

• Faults on core devices impact the entire hotel network; therefore, core devices must feature high reliability, stability and capacity, flexible scalability, and strong security capabilities (McKnight, 2010, pp. 53-59).

• The S5700 and S7700 are mature core switches that successfully employ dozens of security and consistency mechanisms, as demonstrated in existing deployment scenarios.

• The core switches must incorporate security boards where the security technologies can be deployed in order to isolate the services of different departments and defend against the threats and danger of external network. The cost effective switches assimilate various boards, that include the firewall board which implements robust security measures.

• The S7700 unifies AP management switches with the integrations of AC functions.

Proposed Solution Characteristics

The following mentioned points extenute the characteristics of the proposed solutions;

• The integration of the customer service system and hotel management system lowers network construction and maintenance costs along with the reduction in egress link lease fees.

• Each layer has clear functions and a stable topology, making the network easy to expand and maintain through the multi layer designs.

• The AR G3 routers ensure network stability and reliability with the provision of the capabilities to support 3G networks, multiple services; and provide load balancing and functionality to link backup (Crowston, 2012, pp. 75-79).

• It ensures the open design hence the proposed solution implements the international standards along with the provision of strong interworking capabilities. It supports IPv4 and IPv6 deployment and connects the egress to the Internet, WAN, and PSTN.

Recommended Devices

Table 1: Recommended Devices

4. Wireless Access

As wired access is not adequate enough to meet with the large hotel management and customers' leisure requirements and hence failed however, the mobile WLAN can be deployed to facilitate hotels to ensure the value-added services. Different WLAN deployment policies can be applied to different areas which include the lobby, cafes, meeting rooms, guest rooms, and sports facilities. WLAN deployment policies are primarily classified into indoor and outdoor such as indoor distributed, indoor covered by outdoor signals, and outdoor based on coverage range and customer access requirements. Mobile host security means securing the laptops and other devices that come on and off of a school’s WLAN. This is accomplished with a broad mix of technology and best practices of users complying with a sound wireless security policy. However, the introduction of mobile computers into the network on a large scale can adversely affect the security concerns. They move from network to network and their exposure to vulnerabilities while outside of the school WLAN are unknown (Park, 2009, pp. 49-53).

Large meeting rooms and guest rooms need a much greater accessibility than the cafes, sports facilities, and outdoor landscaped areas, although they also must be covered. However, the lobby, meeting rooms, and guest rooms are the prime areas that place high requirements on data services.

Figure 5: WLAN

The indoor deployment requires much accessibility to the areas where there is high user density along with the low signal loss; for instance, the lobby and meeting rooms. However, the indoor distributed deployment requires the applicablity to areas with low user density with high signal loss; for example, KTV and guest rooms.

Chart 1: Indoor deployment chart

802.11a and 802.11g provide 54 Mbi t / s transmission rate as wireless technologies develop, 802.11n can increase the rate to 300 Mbit/s, or even 600 Mbit/s. MIMO OFDM combines the multiple-input and multiple-output (MIMO) and orthogonal frequency-division multiplexing (OFDM) technologies, which radically accelerates the wireless transmission quality as well as transmission speed. The smart antenna technology applied in 802.11n uses an antenna array to considerably adjust the beam. This ensures the improved WLAN mobility with the increased wireless access to users to receive stable signals with low signal interference.

An AP covers six rooms

The indoor AP is wall mounted. The cost is low; however, there may be dead zones if the room structure is complex.

Figure 6: Channels

AP+power splitter+RF cable+antenna

Indoor distributed AP +omni-directional ceiling mount antennae costs low with the assurance of high quality signal. However, the project cannot be implemented by phases.

Figure 7: Room Network

Coverage Policies For Guest Rooms

Policy 1: An AP is specially deployed for guest rooms with the purpose to cover every corner of the rooms. This policy allows the implementaion of the project phase-by-phase.

Policy 2: AP+power splitter+RF cable+antenna is low cost but averts project implementation in phases.

These policies can effectively be applied to the hotels with various building structures. The standard rooms and deluxe rooms featured by high signal shielding capabilities, high user density, and many computers must be deployed with the Omni-directional ceiling mount antennas. This method uses multiple antennas and little power to ensure coverage overlap in addition to provide and ensure the adequate edge signal strength. Although an antenna is mounted on the corridor ceiling between two neighboring rooms with the aim at reducing signal loss caused by wall penetration. If there are many standard rooms and computers, and the number of access users needs to be limited, policy 2 can deploy a POE-powered AP on each floor in the HUB room on the west side of the corridor. However, the network cable between switch and the AP cannot exceed 90 meters.

The proposed solution has the following characteristics:

• The 802.11n network must be compatible with 802.11a/b/g access.

• A maximum of 600 Mbit/s bandwidth is provided, which dramatically exceeds 100 Mbit/s wired access.

• The core switch integrates the AC function and works with multiple APs to meet with the requirements of deployment for multiple application scenarios that include roaming, smart antenna, dynamic load balancing, and multi-SSID management.

• APs are powered by PoE devices through network cables.

Recommended Devices

• Indoor: WA603SN, WA603DN, WA633SN

• Outdoor: WA653SN, WA653DN, WA653DE

The AC cards have been built in the S7700 series switches. The S2700, S3700, and S5700 series switches provide the function of PoE.

Table 2: Device Recommendation

5. 5 Star Hotel Security Proposed Solution

The hotel network has the following security requirements which ensure the secured communication between;

• hotel chains

• Internal network security

• Defense against viruses, junk mail, and attacks at the Internet egress

• Hotel website push

• Examining customer online behavior

A new generation hotel security has proposed and devised the solution that integrates the basic network and multiple security measures in order to meet these security requirements.

Connecting branches and the head office

Hotel chains connect to each other using the VPN. The VPN establishes a tunneling protocols over the internet and public network and serves as the gateway between the clients and the internal network. However, it secures data from being theft during the process of transmission as the proposed solution applies identity authentication and data encryption technologies to prevent data from being accessed or tampered with by the unauthorized and unknown users which ensures data integrity, confidentiality, and validity. The VPN allows hotel customers and administrative departments to remotely access internal resources, which reduces costs and ensures security.

Figure 8: Connecting branches and the head office

Service integration

The head office can deploy AR3200s which provides the firewall and IPSec VPN functions. The HQoS can also be applied to transmit voice, video, and data services.

3G backup

The expansion of 3G services makes sure the cost-effective link that can replace the original dual-line backup mode.

Border security-firewall deployment

The hotel security proposed solution controls each area by isolating the physical areas and service areas. Firewalls are deployed to guarantee the security between the core switches and Internet routers. The egress routers, firewalls, and core switches adopt a redundancy design to improve reliability based on the size and security requirements of the hotel network.

Firewalls provide the capabilities and assurance for comprehensive security defense. The firewall access control policy allows Internet users to access only the specified interfaces of the DMZ servers. Internet access is controlled through their IP addresses and the security zones are divided in order to avoid security threats.

The proposed solution defends the entire network, applications, or data against the threats and other dangers.

Firewalls make sure the border security at different network layers.

Internal network security

Different security features are deployed at the core layer to protect internal network security; for example, the access layer can use MAC Forced Forwarding (MFF) with the intention to prevent unauthorized access. The core layer can use IP source guards to avoid IP spoofing attacks and implement DHCP packet rate with the aim of limiting to prevent DHCP flooding attacks. Strict ARP learning or ARP gateway anti-collision can be configured on gateways to defend against attacks from bogus gateways, and ARP source suppression can protect the gateways from ARP flooding attacks . In 802.11 networks, clients can authenticate with an AP using many methods. The following are some of the most common means of connecting to a WLAN. It is worth noting that the level of security provided varies under the different methods. These methods are listed in order of the level of security which they provide, starting with the oldest and generally accepted as least secure.

A similar secure key is defined statically on the AP and the user. If the two keys form a match, the user is provided with the accessibility to the network. It must be kept in mind that the process of authentication in the aforementioned methods halts at the AP. PSK and open authentication are regarded as legacy systems as they cannot be scaled nor they are entirely secure or protected. Open authentication is generally the standard setting and does not screen or check the users in any manner. Any user can log in to the network without having to obtain the verification of any type. Naturally, the SSID becomes the sole authentication required on such a network. Though this is the easy and simplified method as it provides security to the wireless LAN. Moreover, open authentication possesses no means of decryption of data that is relayed to the wireless LAN. The pre-shared authentication key makes use of a comprehensive WEP certificate that is saved on the AP and the client. The AP does not render any kind of resistance to avert unauthorized access in case when a user wants to create a link with a wireless LAN.

Internet egress access redirection

The web page redirects customers to the portal page, which displays promotional information for the hotel brand and promotes the image of the hotel with the expansion of the hotel's customer care service by, for example, including links to airports and weather information.

Figure 9: Internet egress access redirection

Customer online information security management

Customer online behaviour can be recorded, tracked, analyzed, and queried based on the VLAN ID as the VLAN is assigned to each room however, each room is identified by the VLAN ID. Isolating different user types (grouped by their functional requirements) into VLAN network segments and firewalling between VLANs will greatly increase security. Furthermore, isolated users may only access exactly the resources they require, which helps with overall IT resource management and decreased support requirements.

Different user groups are isolated from one another for further protection of peer-to-peer breaches. As WLANs scale out more users, the VLANs isolate network traffic to help control as well as reduce the bottlenecks associated with large, flat networks. As application adoption and usage increases, this management technique will provide maximum control of bandwidth, and ultimately cost.

Figure 10: Customer online information security management

The monitoring software are also deployed as required by the police station on the management server. The S5700 switches report information to the police station in real time based on the VLAN IDs of hotel rooms pertaining to the port mirroring function, customer online behavior. This proposed solution helps the police station to keep the active control over the hotel customers.

The WLAN access is convenient for guests or visitors who primarily require Internet accessibility to do their jobs such as temporary administrative staff, teachers, or consultants who may carry laptops. District WLAN access must be segregated to minimize security exposures and conflicts of interest. However, it is advised that VLANs should be used as the cost effective way to segregate guests and divert them to the Internet. VLANs are easy to set up and are supported by the major LAN equipment providers, such as the intelligent routers and firewalls. The best systems provide a browser landing page and will register users "on the fly" or with a password supplied for guests. Make sure that guests sign a user compliance agreement before activating guest access. Guest users should be required to click "yes" on a browser screen that indicates they agree to terms of privacy and conduct, and will be held accused and liable in case of their unethical actions. This feature should not be bypassed for the convenience of guests.

Anti-Virus (A/V)

A/V protects and curtails threats, and is essential for all laptops because new viruses proliferate daily and spread even more quickly. There should be a centralized controlled of A/V so as to monitor the definitions effectively. If not, definitions may not be updated and laptops would eventually get a virus. MacAfee, Symantec, Trend Micro, Computer Associates and many other vendors have central control and monitoring. Despite offerings for stand alone, typically consumer versions, do not implement these as they do not have central management and require maintenance and updates.

Voice Proposed Solution

The proposed solution provides active services to management functions. The solution integrates the hotel management system and comprises AR routers, SoftCo IP voice integrated switches, access devices agents, and terminals. The voice solution provides the following services:

• Checking in and checking out

• Updating room status

• Restricting guests' call rights in rooms

Figure 11: Voice Proposed Solution

These services helps customers enhance room management, improve efficiency, and optimize hotel operations. The proposed 5 star hotel solution comprises the core voice switch, Property Management System (PMS), Property Management System Interface (PMSI), and Voice Mail System (VMS).

The voice solution provides the following functions:

• Provides check-in and check-out services.

• Provides a PMSI interface for receiving commands from the PMS to record call details and facilitate the wake-up service.

• Manages the mini bar and prints consumption bills.

• Enables message services and new message notifications.

• Provides printable records of changes to room status.

• Integrates the hotel console system and the hotel management system to provide various services such as call restriction, voice recording, local address book, and information retrieval.

• Provides a hotel reservation service that enables hotel staff to query guest archives including check-in records.