Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:40 AM

Hat World Tops Off EVDO Rollout With Security

Retailer initially found EVDO security solutions few and far between

When retailer Hat World (aka Lids) decided to toss its DSL service for a less-pricey, higher-bandwidth 3G Evolution-Data Only (EVDO) cellular wireless service, a lack of available security solutions for EVDO nearly derailed the initiative.

Hat World, which operates approximately 850 stores in the U.S. which sell college and professional sports teams' hats as well as special fashion lids, had begun experiencing bandwidth troubles with its DSL links. But when the retailer began looking at EVDO as an alternative to DSL last year, security for EVDO was a big bugaboo.

“EVDO was new, so there were not a lot of security products available,” and those that were available were limited, says Larry Havlik, senior director for information technology and facilities at Hat World, which is owned by Nashville, Tenn.-based clothing provider Genesco.

Many had EVDO as a secondary, rather than a primary, communication option. And the switches were designed for consumers and lacked central management functions.

Hat World's path to providing its stores with broadband links had been checkered with various ad-hoc decisions due to budget constraints. In 2005, the company’s loss prevention unit decided to put security cameras in its stores to lower its theft rate. The application supported dial up or high-speed connections, but watching video over a dial-up line proved cumbersome.

After scouring the marketplace, the retailer selected NetGear ProSafe combination router/firewalls to support its broadband links. “The NetGear product cost about $100 while other options were $1,000 or more,” Havlik says.

So the company rolled out DSL connections in a few hundred stores in 2006. The new links cut credit card transaction processing time from 45 second to fewer than five seconds, and supported the retailer’s new in-store embroidering service for custom-design caps. DSL enabled complex graphics to be passed from stores to the corporate office.

But the new network caused problems for the IT department. “We quickly went from beta to more locations than we could manage,” recalls Havlik. Because the NetGear product is designed as an autonomous device, the IT staff was unable to centrally manage the growing number of connections. So the DSL broadband rollout came to a screeching halt last year.

Late last year, the retailer discovered Sprint’s new EVDO service, which cost about half as much as a DSL line: $50 to $60 per EVDO connection versus $100 to $130 per DSL line. And EVDO wireless was obviously simpler to install because there are no wires. “In many of our locations, we share telecommunications services with a lot of other companies, so working in the wiring closet can be difficult,” Havlik says.

Fortinet was building the FortiWifi-60B, a combination WiFi/EVDO security appliance during that time, so that caught Hat World’s attention. “Since they were still developing the product, our requirements influenced its design,” Havlik says.

After a successful beta test of the Fortinet appliance and FortiManager, which provides central management of the remote devices in a few dozen stores, Hat World went operational with EVDO services in 350 stores last fall. The potential cost savings from switching its broadband option helped to justify the $400,000 Fortinet deployment.

There were a few bumps along the way, however. To save money, the retailer configured its Fortinet devices at headquarters and then had end users install them. “We underestimated the amount of time that we would have to spend on the phone with our employees,” Havlik admits. At best, it took 15 minutes to deploy a system, but other times, the process dragged on for as long as 90 minutes.

But the deployment problems did not stem entirely from the employees’ lack of expertise. Concrete walls blocked some signals, and in some cases, even adding a second antenna didn’t solve the problem. As a result, broadband services are now available in 350 locations -- 85 percent using EVDO and 15 percent still running DSL.

Hat World plans to add EVDO to more locations. “We are putting together some numbers so we will have money in the budget to add more locations next year,” Havlik says.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

  • Fortinet Inc.
  • Netgear Inc. (Nasdaq: NTGR)
  • Sprint Nextel Corp. (NYSE: S)

    Comment  | 
    Print  | 
    More Insights
  • Comments
    Newest First  |  Oldest First  |  Threaded View
    Sodinokibi Ransomware: Where Attackers' Money Goes
    Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
    Data Privacy Protections for the Most Vulnerable -- Children
    Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
    State of SMB Insecurity by the Numbers
    Ericka Chickowski, Contributing Writer,  10/17/2019
    Register for Dark Reading Newsletters
    White Papers
    Current Issue
    7 Threats & Disruptive Forces Changing the Face of Cybersecurity
    This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
    Flash Poll
    2019 Online Malware and Threats
    2019 Online Malware and Threats
    As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
    Twitter Feed
    Dark Reading - Bug Report
    Bug Report
    Enterprise Vulnerabilities
    From DHS/US-CERT's National Vulnerability Database
    PUBLISHED: 2019-10-21
    An issue was discovered in Contactmanager 13.x before, 14.x before, and 15.x before for FreePBX In the Contactmanager class (html\admin\modules\contactmanager\Contactmanager.class.php), an unsanitized group variable coming from the URL is reflected in HTML on...
    PUBLISHED: 2019-10-21
    Trend Micro Anti-Threat Toolkit (ATTK) versions and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
    PUBLISHED: 2019-10-21
    app/call_centers/cmd.php in the Call Center Queue Module in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated attackers (with at least the permission call_center_queue_add or call_center_queue_edit) to execute any comma...
    PUBLISHED: 2019-10-21
    resources/cmd.php in FusionPBX up to 4.5.7 suffers from a command injection vulnerability due to a lack of input validation, which allows authenticated administrative attackers to execute any commands on the host as www-data.
    PUBLISHED: 2019-10-21
    On the RICOH MP 501 printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn and KeyDisplay parameter to /web/entry/en/address/adrsSetUserWizard.cgi.