Within two weeks of taking office as vice president of Wisconsin Center IT, Steve Totzke got a taste of what would become his biggest challenge. A few attentive members of the IT staff security team noticed that some systems were malfunctioning and correctly suspected a ransomware attack. It was a lucky break, giving Totzke time to respond. The team separated the infected system from the rest of the network before the ransomware had a chance to spread.
This experience quickly made clear the importance of strengthening the organization’s network – a colossal undertaking given that the organization operates three event venues: the Miller High Life Theatre, which has a capacity of 4,100 people; the 10,000-seat UW-Milwaukee Panther Arena; and the Wisconsin Center itself, which houses a grand ballroom and convention center.
Take stock of network security
Working with newly hired network operations manager Sean Colburn, Totzke looked at the organization’s network security from top to bottom. Totzke and Colburn found many areas in need of improvement, especially for its public and private Wi-Fi networks. This was important work, as the Wisconsin Center ultimately aimed to provide full Wi-Fi access and functionality to employees, customers and vendors across its three locations.
“We ran into a situation where we pretty much had to hit the reset button,” Colburn said. “It was a very immature network setup that had been developed years before and hadn’t really been upgraded. For example, even though the network was segmented into VLANs, it lacked proper network security to prevent traffic from seeing…through those VLANs.”
Connectivity is extremely important for event management. For example, employees benefit from being able to connect wirelessly on one floor and print documents on another floor. But the most critical wireless connections were for customers attending events and point-of-sale (POS) systems. While sites had both public and private Wi-Fi at the time, Colburn said Wi-Fi networks lacked proper management and strong security features.
In fact, the situation was so precarious that point-of-sale systems, designed to be connected via Wi-Fi, were still wired. Point-of-sale operators were avoiding Wi-Fi because they didn’t trust its security, Colburn said.
It was also challenging to meet wireless security needs across multiple facilities. For example, supporting a large company’s week-long annual meeting alongside concurrent theater and sporting events could be a “network security nightmare,” Colburn noted. “Wi-Fi and wired security must be strong for our customers to avoid the pain of an unsecured and unstable network,” he added.
And it wasn’t just the clients who felt the pain. Event production staff had to connect to Wi-Fi to use the communication systems. For example, the Ticketmaster system that allows attendees to enter a venue requires secure Wi-Fi network connectivity, as do vendors selling merchandise.
Improved Wi-Fi network security
The first step of the project was to identify how connections were developed, maintained and secured in the current system. The team would then determine available security protocols and payment card industry compliance requirements.
Slowly, Totzke and Colburn combed through all areas of network security, established what needed upgrading, and then replaced and added technology. They made a quick decision to bring security in-house. Before Totzke and Colburn joined the Wisconsin Center, the original IT team had relied on external professional services.
Next, Totzke and Colburn upgraded an aging Palo Alto firewall and added Palo Alto’s WildFire malware scanning engine. They then reworked the Layer 3 routing of the switch network and added the Paessler PRTG network monitoring tool to filter end-user devices connected to access points. With the Paessler tool, an access point could continue to operate even if network visibility to the access point was lost, as long as it still had a path to the Internet.
The most important decision the team made was to make better use of ExtremeCloud IQ, a cloud-based network management tool it inherited when Extreme Networks acquired technology from Aerohive. The original Aerohive product, as well as ExtremeCloud IQ, is controllerless, which means the brains are in the access points instead of a controller.
While the Wisconsin Center had previously purchased Aerohive technology, it was not being used effectively. For example, Aerohive’s HiveManager provided location-based analytics, the ability to map access points to end-user devices. Colburn wanted to take advantage of these kinds of features already available to them.
Finally, the team isolated all of its guest traffic for free public Wi-Fi by installing the open-source network access control (NAC) technology PacketFence. Because PacketFence has built-in security protocols, it can easily identify vulnerabilities and isolate them in a sandbox.
More effective security scans also helped the IT team stay in control. The analytics features provided by Aerohive, and now ExtremeCloud IQ, have allowed the IT team to significantly up their game. The analytics feature can provide a 90-day snapshot of a specific device’s activity, the access points it has used, and more.
And because ExtremeCloud IQ makes programming service set identifiers (SSIDs) easier, it was also a good time for the Wisconsin Center to move to 6G. “If you’re going to buy an access point that can do 4G, 5G and 6G, why wouldn’t you?” said Colburn. “We probably won’t use 6G for two or three years, but it allows us to move forward and start separating radio frequency-based technology, which is what the cell phone and PCS industry has been doing since the early 80’s.” In the meantime, the IT team can use ExtremeCloud IQ to schedule SSIDs at the required frequency.
Wi-Fi network security today
Wi-Fi in all three facilities now works without issue and security is not as much of a concern. The Wi-Fi network currently supports multiple SSIDs with different authentication mechanisms in different buildings. For example, IT staff provide each vendor of goods in a location with a unique password for that device. The device then connects to a VLAN configured for this type of transaction. All network facilities are controlled through the same platform, maximizing efficiency and allowing each site to tailor its network to meet specific customer needs.
The IT team has some major successes to show for their work. For example, during Michelle Obama’s memoir tour, the Miller High Life Theatre provided attendees with free Wi-Fi. Additionally, attendees could post live tweets and Instagram posts on a digital panel. The vendors on site had no problem selling books.
Additionally, the Wisconsin Center has hosted events like the 2020 virtual Democratic National Convention without any security concerns.
But the team is not finished yet. The next step is the installation of Ekahau technology to develop Wi-Fi designs and optimize Wi-Fi networks. The team also plans to invite ethical hackers to attempt to infiltrate their networks. “We’re going to build a network that’s not only secure, but will be one of the best Wi-Fi experiences a viewer can have outside of their home,” Colburn said.
About the Author
Karen D. Schwartz is a technology and business writer with more than 20 years of experience. She has written on a wide range of technology topics for publications including CIO, InformationWeek, GCN, FCW, FedTech, BizTech, eWeek, and Government Executive.