Macaroni Grill Blocks Unauthorized Network Access

4/7/2011
Boosting productivity for highly mobile area directors was a priority for Macaroni Grill when it set out to deploy Wi-Fi across its restaurants. But because credit cards are how people typically pay for a restaurant meal, Wi-Fi security was equally important to the nationwide restaurant chain.
 
Compliance with Payment Card Industry Data Security Standard (PCI DSS) requirements and other security capabilities, including rogue access point detection and mitigation, therefore were must-have features for Macaroni Grill’s future wireless network.
 
“I had previously worked for an Internet security company, so security was high on my list of important attributes in considering which Wi-Fi solution to go with,” says Drew Stafford, Macaroni Grill’s VP of information technology.
 
Stafford came to Macaroni Grill in July 2009 with the responsibility of setting up all of the IT systems for more than 180 restaurants. The technology slated for overhaul ran the gamut from hardware and software for its point-of-sale (POS) and financial payroll to new firewalls, switches, an e-mail system, laptops and a wireless LAN.
 
“We had to build everything that a standalone company would need to operate, and Wi-Fi was an obvious piece we had to look at,” says Stafford. “Security played a major role when selecting a Wi-Fi vendor. Nobody wants a repeat of what happened to other large retailers that dealt with security breaches.”
 
Deciding factors
Macaroni Grill turned to Aerohive because its wireless network met the company’s Wi-Fi security requirements, as well as other requirements such as ease of management and deployment.
 
“I am completely satisfied with the PCI-compliance I get from Aerohive. There is a high probability of receiving a fine if your company doesn’t comply,” says Stafford. “All credit card information is being kept completely separate from the WLAN.”
 
As another part of the security landscape, Stafford is using Aerohive’s Private Pre-Shared Key (Private PSK) feature, which lets guest, legacy and hard-to-manage wireless LAN clients use strong encryption and authentication. “Instead of issuing a digital certificate and managing a full PKI infrastructure, we issued a Private Pre-Shared Key to each user’s laptop, effectively identifying each device that attaches to the wireless network.” Active Directory is used to lock down the access settings on the laptops that use the Private Pre-Shared Keys.
 
Additionally, Aerohive met the company’s requirements for ease of deployment and management, and for remote network monitoring using Aerohive’s Client Health Score.
 
“When we started looking at other wireless vendors, we were having a difficult time with their evaluation equipment – even with the engineers we had on site, which is not good,” Stafford says. “I’m very familiar with other wireless, security, and networking solutions and if it’s not intuitive right out of the box then it’s probably not the right fit for us.”
 
Macaroni Grill considered a number of other vendors, but found their Wi-Fi products to be too expensive and/or complex. In contrast, the Aerohive demo immediately impressed Stafford. Aerohive’s controller-less architecture and software-based management allow a demo to take place in the cloud. Nothing is installed on site, and the easily configured access points (APs) can simply be used as part of the production Wi-Fi network once the customer decides to move forward and deploy Aerohive.
 
“The way the Aerohive evaluation works, the configuration is done in the cloud,” says Stafford. “We were up and running with demo gear with very little sales support in about eight hours. The evaluation showed how very easy and intuitive Aerohive is to use.”
 
Macaroni Grill’s production deployment followed the same ease-of-configuration pattern.
 
“We set up our Aerohive HiveManager network management system and built default templates based on the model of the equipment,” says Stafford. “We were up and running in less than an hour. It was pretty much plug and play. Once that template was set up we shipped the APs directly to the restaurants. Once the devices were plugged in at the restaurants they automatically received their initial configuration including security settings. This really impressed me because it saved us a tremendous amount of time and money on pre-staging each device.”
 
Resolving issues immediately
Since its summer rollout, Aerohive has been deployed in more than 184 restaurants with one AP per site, although its Dallas-based headquarters has four. On average 50 clients a day are using these APs at any given time.
 
In the restaurants, Wi-Fi end-users are mainly area directors, who are mobile and constantly on-site at the various locations. These people are responsible for multiple restaurants, and when they visit each site, they need to be able to seamlessly log into the corporate network just as if they were back at the corporate office.
 
Back at the corporate office, Wi-Fi is primarily used in conference rooms for corporate employees, guests and vendors, making collaboration easier. For security reasons, guest access is segmented from the main network with a VLAN. As for possible future uses for the Aerohive Wi-Fi network, Macaroni Grill is looking at the possibility of using wireless-based training devices in the restaurants. The company may also start offering wireless access for banquets and could someday enable its team members to swipe credit cards at the table using wireless devices if so desired.
 
As for his security requirements, Stafford is very satisfied with the level of security his Aerohive WLAN has demonstrated. “The biggest piece of compliance was to be able to perform rogue access scans,” says Stafford. “We have a strict threshold on our AP signal levels. If we see a signal coming from an unauthorized device, we are alerted and can immediately investigate the issue. We can also see if traffic from an unauthorized AP is connected to our wired network, indicating a possible breach, then take immediate action to investigate and shut it down.”
 
Managing the Wi-Fi network has been simple with Aerohive, Stafford has found. Aerohive’s Client Health Score monitoring feature provides a color-coded dashboard that tells Stafford at a glance about the “health” of clients connected to the Wi-Fi network. A green, yellow or red color indicates the status of a client’s Wi-Fi statistics, client performance and the impact of client capability (e.g. 802.11a, b, n), signal strength, driver issues and WLAN and non-WLAN interference.
 
“We just log in and at a glance we can see all the APs that are up and running out in the field, we can identify management issues and can see how many clients are on – and can see it all regardless of where we are located.”
 
Client Health Score enables monitoring in real-time and can be used to identify and resolve issues before end users start to notice a performance issue.
 
Macaroni Grill had a comprehensive plan when it came to its nationwide Wi-Fi rollout, and has used Aerohive to successfully execute on that strategy.
 