Network audit and security
In most hotels, the network serving guest WiFi is the same one carrying booking and payment data. Our audit maps your infrastructure, reveals these exposures and closes them.
A network built layer by layer.
An ISP box at opening, switches for the cameras, one more access point at every complaint. No one ever drew the whole picture, and without segmentation, everything is connected to everything: a flaw on one exposes all the others.
Flat, accumulated network
- Guest WiFi, PMS and payment on one network
- A flaw on one device exposes everything else
- No map: no one knows what talks to what
- Default passwords, obsolete firmware
- Configuration incompatible with payment obligations
Mapped and segmented network
- Sealed zones: guests / staff / payment / cameras
- An incident stays contained, it no longer spreads
- The full map of your network, device by device
- Exposure points closed and prioritised
- Infrastructure presentable to an insurer or buyer
You cannot secure what you have not mapped.
Make the invisible visible
Our whole approach starts by drawing your entire network, device by device, flow by flow. Until that map exists, any security action is a blind bet.
Segmentation as a principle
Your systems must be organised into sealed zones, and between them, only strictly necessary exchanges are allowed. That is the difference between a contained incident and one that spreads everywhere.
Hardware-independent
Our audit does not systematically conclude “replace everything”. Often the essentials lie in configuration, not purchase. We only recommend an investment when measurement justifies it.
What we look at.
Five angles, from mapping the existing setup to network resilience.
- 0101 · Inventory
The mapping of the existing setup
We list every active and passive device, identify every connected system (PMS, payment, cameras, TV, automation, workstations) and draw the real flows between them. You get, often for the first time, the full plan of your own network.
- 0202 · Isolation
Flow segmentation
We analyse which systems can reach which others and spot the paths that should not exist. The goal: isolate guest WiFi, the PMS, payment and cameras, and open only the strict minimum between them.
- 0303 · Exposure
The exposure points
Default passwords never changed, obsolete firmware, remote access left open, forgotten devices still connected. These are the classic entry doors. We list them and prioritise them by criticality.
- 0404 · Hardware
The state of hardware and cabling
Is the active equipment sized for your uses? Is the cabling up to the expected throughput? We identify what must be upgraded, and only that.
- 0505 · Resilience
Network resilience
What happens if the box goes down? If a switch fails on a full night? We assess your single points of failure and the redundancy options relevant to your size.
The method, step by step.
We work on your living infrastructure, not on declarations.
- On-site survey01
Physical inventory
Equipment inventory, access to configurations, observation of real flows. We start from what truly exists, not from what we are told.
- Analysis02
Mapping & risks
Building the full map, identifying exposures, assessing segmentation and resilience. Each risk is qualified by probability and impact.
- Readout03
Map & costed plan
We present the map, the prioritised risks and the remediation plan. Each recommendation states its urgency, effort and cost. You decide with full knowledge.
- Optional04
Remediation
Implementing segmentation, hardening configurations, upgrades, tests. You entrust it to us or to your provider: the map and plan belong to you.
The deliverables.
Proof of state that improvisation never produces.
- 01
Complete mapping
Equipment, systems and flows of your infrastructure.
- 02
Risk register
Prioritised by criticality, with probability and impact.
- 03
Remediation plan
Costed and sequenced: what to do, in what order, at what cost.
- 04
Target segmentation plan
The network architecture to move towards.
- 05
Documentation
Yours to keep, useful even if you change provider.
From a network where a flaw exposes everything to one where a flaw stays contained.
The first benefit is immediate: you finally know what your network is made of. That visibility alone changes how you handle any future incident, no more searching blind.
The core benefit is risk reduction: once segmentation is in place, an incident on the guest WiFi can no longer reach your booking or payment data. And a mapped, segmented and documented network is one you can present, to an insurer, a payment partner, a buyer during a sale.
Duration, format, fees.
You only commit to the work after seeing what it involves.
- 2-3Weeks
depending on the size of the property
- Fixed feeBilling
audit at a set price
- Non-intrusiveSurvey
done while running, no outage
- QuoteRemediation
optional, drawn from the plan
Who is this for?
Four situations where knowing your exposure changes everything.
Accumulated infrastructure
Never rethoughtYour network was built layer by layer without ever being redrawn as a whole.
Payment processing
A chain to secureYou process card payments and want to cleanly isolate that chain from the rest of the network.
Sale or insurance
Proof of stateYou are preparing a sale or an insurance audit and need a documented, presentable network.
Remove the doubt
Know your exposureYou simply want to know what risk you are exposed to, before an incident reveals it.
Frequently asked questions.
Do you know what can reach your data from your guests’ WiFi?
Request a network audit. We map your infrastructure and show you exactly where the doors have been left open.