Resort Tools Security Recommendations

 

The following security controls are recommended to protect Resort Tools systems and maintain a secure environment for guest operations. These best practices focus on restricting unauthorized access, reducing attack surfaces, and ensuring system resilience. Please note that these security precautions apply to both the Resort Tools Kiosks and Resort Tools Waiver Tablets/Guest Check-In.

IP Restriction 

  • Control: Restrict access to Resort Tools systems to only allowed IP addresses. 

  • Threat/Risk Mitigated: Unauthorized access attempts from unknown or potentially malicious IP addresses can lead to data breaches or system compromise. IP restriction limits exposure by only allowing access from trusted sources, reducing the risk of unauthorized intrusion. 

Firewall and NSG Rules 

  • Control: Configure firewall and Network Security Group (NSG) rules to allow only necessary traffic. 

  • Threat/Risk Mitigated: Firewalls and NSGs control both inbound and outbound traffic, blocking any unnecessary or potentially harmful connections. These configurations prevent unauthorized network access and reduce the chances of attacks, such as port scanning and data exfiltration, by restricting the network pathways available to external and internal actors. 

Kiosk Mode 

  • Control: Set Resort Tools devices to operate in kiosk mode, limiting functionality to the required application only. 

  • Threat/Risk Mitigated: Kiosk mode prevents users from accessing other system features or applications, reducing the risk of accidental misconfigurations or intentional misuse. This control limits the potential for data tampering, unauthorized software installation, and exposure to malicious websites, ensuring the system remains dedicated solely to guest check-in functionality. 

Do Not Expose Externally 

  • Control: Avoid assigning public IP addresses to Resort Tools systems and ensure they are not accessible from the internet. 

  • Threat/Risk Mitigated: Publicly accessible systems are more exposed to attacks such as brute-force attempts and DDoS, and to exploitation of vulnerabilities by external sources. Keeping Resort Tools systems internal-only minimizes the risk of exploitation by external attackers and maintains a more secure and controlled environment.
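The IP Restriction, Firewall and NSG Rules, and Do Not Expose Externally controls above can be checked together against an exported rule set. The script below is an added example, not Resort Tools code: the rule format is a simplified NSG-like shape, and the allowed sources, required port, rule names and device addresses are constructed assumptions.

```python
import ipaddress

# Constructed policy values (assumptions, not Resort Tools settings).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "10.20.5.10/32")]
REQUIRED_PORTS = {443}
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0", "::/0"}

# Constructed rule set in a simplified NSG-like shape (hypothetical rule names).
SAMPLE_RULES = [
    {"name": "kiosk-https", "direction": "Inbound", "access": "Allow", "source": "10.20.0.0/24", "port": "443"},
    {"name": "rdp-anywhere", "direction": "Inbound", "access": "Allow", "source": "*", "port": "3389"},
    {"name": "vendor-https", "direction": "Inbound", "access": "Allow", "source": "198.51.100.0/24", "port": "443"},
    {"name": "deny-rest", "direction": "Inbound", "access": "Deny", "source": "*", "port": "*"},
]

def audit_inbound(rules):
    """Return (rule name, finding) pairs for inbound Allow rules that break the policy."""
    findings = []
    for r in rules:
        if r["direction"].lower() != "inbound" or r["access"].lower() != "allow":
            continue  # only inbound Allow rules widen exposure
        src = r["source"].strip().lower()
        if src in ANY_SOURCE:
            findings.append((r["name"], "open to any source"))
        else:
            net = ipaddress.ip_network(src, strict=False)
            # The source must sit entirely inside one trusted network.
            if not any(net.version == a.version and net.subnet_of(a) for a in ALLOWED_SOURCES):
                findings.append((r["name"], "source outside allow-list"))
        if r["port"] == "*" or int(r["port"]) not in REQUIRED_PORTS:
            findings.append((r["name"], "port not required"))
    return findings

def externally_exposed(addresses):
    """Return device addresses that fall outside the internal (RFC 1918) ranges."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in INTERNAL_NETS)]

if __name__ == "__main__":
    for name, finding in audit_inbound(SAMPLE_RULES):
        print(f"{name}: {finding}")
    # Constructed device addresses; the second is a documentation-range address.
    print("non-internal addresses:", externally_exposed(["10.20.0.15", "203.0.113.7"]))
```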

SSL Certificate Requirement 

  • Control: Ensure that SSL certificates are applied to all Resort Tools systems and interfaces to enable secure, encrypted communications. 

  • Threat/Risk Mitigated: Without SSL encryption, data transmitted between systems and users is vulnerable to interception, manipulation, or theft via man-in-the-middle attacks. SSL certificates authenticate the systems and encrypt data in transit, preventing unauthorized access to sensitive information and ensuring communication integrity. This control strengthens the overall security posture by protecting data exchanges, especially for systems managing guest check-in or handling sensitive information.

Regular Patching 

  • Control: Ensure that Resort Tools systems are updated regularly with security patches. 

  • Threat/Risk Mitigated: Outdated software can have unpatched vulnerabilities that expose systems to exploits and malware. Regular patching addresses known security issues, reducing the risk of successful attacks and enhancing the resilience of Resort Tools systems against emerging threats.