Dark Reading is part of the Informa Tech Division of Informa PLC


8/15/2008
06:40 AM

Hat World Tops Off EVDO Rollout With Security

Retailer initially found EVDO security solutions few and far between

When retailer Hat World (aka Lids) decided to toss its DSL service for a less-pricey, higher-bandwidth 3G Evolution-Data Only (EVDO) cellular wireless service, a lack of available security solutions for EVDO nearly derailed the initiative.

Hat World, which operates approximately 850 U.S. stores selling college and professional sports teams' hats as well as special fashion lids, had begun experiencing bandwidth troubles with its DSL links. But when the retailer began looking at EVDO as an alternative to DSL last year, security for EVDO was a big bugaboo.

“EVDO was new, so there were not a lot of security products available,” and those that were available were limited, says Larry Havlik, senior director for information technology and facilities at Hat World, which is owned by Nashville, Tenn.-based clothing provider Genesco.

Many of the available products offered EVDO as a secondary, rather than a primary, communication option. And the switches were designed for consumers and lacked central management functions.

Hat World's path to providing its stores with broadband links had been checkered with various ad-hoc decisions due to budget constraints. In 2005, the company’s loss prevention unit decided to put security cameras in its stores to lower its theft rate. The application supported dial-up or high-speed connections, but watching video over a dial-up line proved cumbersome.

After scouring the marketplace, the retailer selected NetGear ProSafe combination router/firewalls to support its broadband links. “The NetGear product cost about $100 while other options were $1,000 or more,” Havlik says.

So the company rolled out DSL connections in a few hundred stores in 2006. The new links cut credit card transaction processing time from 45 seconds to fewer than five seconds, and supported the retailer’s new in-store embroidering service for custom-design caps. DSL enabled complex graphics to be passed from stores to the corporate office.

But the new network caused problems for the IT department. “We quickly went from beta to more locations than we could manage,” recalls Havlik. Because the NetGear product is designed as an autonomous device, the IT staff was unable to centrally manage the growing number of connections. So the DSL broadband rollout came to a screeching halt last year.

Late last year, the retailer discovered Sprint’s new EVDO service, which cost about half as much as a DSL line: $50 to $60 per EVDO connection versus $100 to $130 per DSL line. And EVDO wireless was obviously simpler to install because there are no wires. “In many of our locations, we share telecommunications services with a lot of other companies, so working in the wiring closet can be difficult,” Havlik says.

Fortinet was building the FortiWifi-60B, a combination WiFi/EVDO security appliance, during that time, and that caught Hat World’s attention. “Since they were still developing the product, our requirements influenced its design,” Havlik says.

After a successful beta test of the Fortinet appliance and FortiManager, which provides central management of the remote devices in a few dozen stores, Hat World went operational with EVDO services in 350 stores last fall. The potential cost savings from switching its broadband option helped to justify the $400,000 Fortinet deployment.

There were a few bumps along the way, however. To save money, the retailer configured its Fortinet devices at headquarters and then had end users install them. “We underestimated the amount of time that we would have to spend on the phone with our employees,” Havlik admits. At best, it took 15 minutes to deploy a system, but other times, the process dragged on for as long as 90 minutes.

But the deployment problems did not stem entirely from the employees’ lack of expertise. Concrete walls blocked some signals, and in some cases, even adding a second antenna didn’t solve the problem. As a result, broadband services are now available in 350 locations -- 85 percent using EVDO and 15 percent still running DSL.

Hat World plans to add EVDO to more locations. “We are putting together some numbers so we will have money in the budget to add more locations next year,” Havlik says.


  • Fortinet Inc.
  • Netgear Inc. (Nasdaq: NTGR)
  • Sprint Nextel Corp. (NYSE: S)
