Those of you using NSCAN...did you have to implement any additional, beyond the normal security measures for the wireless network? We have a venue that has its own wireless network but I'm wondering if we should set up a separate wireless network for the scanners only.
Gloria,
Here at AT&T Performing Arts Center, we have a separate VLAN for our scanners. We have a property with 2 buildings plus our business offices are in a separate building a couple of blocks away. The VLAN is accessible by all scanners no matter what building they are in. We have experienced no problems with it and it seems to work great having the scanners on their own VLAN. The one problem with the VLAN is that if the actual wireless network goes down, so does the VLAN which makes the scanners not useable.
Teresa
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Gloria Ormsby Sent: Wednesday, November 03, 2010 10:20 AM To: Teresa Dean Subject: [Tessitura Technical Forum] NSCAN - Wireless Security
This message was sent automatically to you by www.tessituranetwork.com because you subscribed to the Tessitura Technical Forum. You may reply to this message to post to the Technical forum or visit the site to search, read and post to the forums. In the interest of keeping the forum posts from becoming cluttered, we encourage you to delete previous message text from your reply before sending. Thank you!
We have both a public and private wireless network. We use the private for our scanners which requires a password to access. We did not have to add any special security measures for the scanners, however we did find that we had to lessen the security type from our preferred WPA-PSK2 down to WPA because the scanners were extremely slow and timing out when accessing the server when the wireless network was set at the higher security level.
Penny Tabor
IT Manager
Midland Center for the Arts
Midland, MI 48640
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Gloria Ormsby Sent: Wednesday, November 03, 2010 11:20 AM To: Tabor, Penny Subject: [Tessitura Technical Forum] NSCAN - Wireless Security
We have the access control on a separate WLAN which uses a unique VLAN, MAC address restrictions, static IPs, and firewall with only the 6 IP addresses assigned to the scanners allowed through the firewall. We went a little extreme there, mainly due to PCI - since it is a wireless network (albeit private) and it is talking to the WebAPI (which is in itself a layer of security) we just wanted to be extra diligent in being able to confidently address the requirements.
The ability to have multiple WLANS with varying security and setup is a nice benefit of the additional investment of a Cisco or similar enterprise class wireless controller.
We addressed this with David Judd when he was here for a different reason. I was concerned with exposing the NSCAN API to the internet for fear it could be used to collect CC info from Tessitura. David assured us that there is never any CC information passed by nscan. Because of that these scanners should be safe to use over any network. While I do think that a WPA protected network is a good choice it shouldn't really matter if they are run over an open network since the snooper could only get a patron name and seat number returned to them. That being said I don't think I would ever use an open network for them but they should not pose any PCI issue at all.
-Rich
That was my assessment as well – but we went ahead and used WPA2 encryption
We have a different WLAN that is open
Nathan Campbell Manager of Support and Systems Analysis Dallas Symphony Orchestra Morton H. Meyerson Symphony Center Schlegel Administrative Suites 2301 Flora Street Dallas, Texas 75201 214-871-4026 - phone 214-953-1218 - fax n.campbell@dalsym.com www.dallassymphony.com
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Rich Tepper Sent: Wednesday, November 03, 2010 1:31 PM To: Nathan Campbell Subject: Re: [Tessitura Technical Forum] NSCAN - Wireless Security
From: Nathan Campbell <bounce-nathancampbell1231@tessituranetwork.com> Sent: 11/3/2010 11:00:28 AM
Thank you everyone for your input. It is very helpful.
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Nathan Campbell Sent: Wednesday, November 03, 2010 2:41 PM To: Gloria Ormsby Subject: RE: [Tessitura Technical Forum] NSCAN - Wireless Security
I think it’s better to have a separate WLAN only for NScan so that you can apply maximum security which may not be a good idea for a general use WLAN.
We have a totally separate WLAN for access control. We are using WPA encryption (since both your router and scanner model have to support it you may not always have the choice to go for the maximum wireless data encryption), MAC address filtering, static IP, and we also don’t broadcast SSID as an extra security measure so that nobody can see the network and try to connect to it.
Mo
Mohiuddin Faruqe
Business Analyst
The National Ballet of Canada
From: Tessitura Technical Forum [mailto:forums-technical@tessituranetwork.com] On Behalf Of Gloria Ormsby Sent: Wednesday, November 03, 2010 11:20 AM To: Mohiuddin Faruqe Subject: [Tessitura Technical Forum] NSCAN - Wireless Security