With a one-man IT band and festivals in the fields, the Mean Fiddler needed an easy to manage and flexible solution to network security. Helen Beckett reports
With large numbers of visitors, both on its own premises and at temporary locations, as well as general staff members, the Mean Fiddler was presented with a challenge when trying to provide secure network access.
The original live music venue in Harlesden has grown into an empire that includes bars and music venues across London, such as the Astoria and the Jazz Cafe. In the summer, things get even busier as the Mean Fiddler moves to fields in Glastonbury, Reading and Leeds to organise music festivals.
For the one-man-band IT department, the solution had to be easy to maintain as well as effective. "We wanted to equip venues with firewalls in order to provide secured access to our internal staff as well as internet access to the press and the artists," said Christopher Simons, IT infrastructure manager for Mean Fiddler.
"In this era of online music forums and live concert webcasts, music journalists need to be able to file their reviews straight after gigs finish, and do so securely.
"Artists themselves also demand secure access to internet and e-mail services. At the same time, the vast number of music fans visiting our websites to check gig schedules and buy tickets makes electronic attacks a real concern."
The initial challenge when providing access to a festival site is to get a telecoms line out to the field. Once this is in place, Mean Fiddler hires Zen to provide broadband as the supplier is able to offer temporary contracts, and then it is a simple case of broadcasting a wireless signal for local use. Last, but no means least, is the task of securing the networks for different communities of users.
"Wireless networks are increasingly deployed at these events, as they are ideal for locations that lack existing infrastructure. But these too demand the highest levels of security," said Simons. With so many networking requirements to consider, Mean Fiddler needed a security solution that offered high levels of reliability, but was flexible enough to handle its unique demands.
As an existing WatchGuard user, the music promoter was convinced of the reliability of its products. "We have equipped our venues with WatchGuard firewalls, defending our broadband virtual private networks from unwanted attention."
Simons was therefore happy to implement wireless variants for festival locations, and critically, able to secure the temporary hard-wired broadband extension as part of its VPN.
"By equipping our festival sites with WatchGuard Firebox X Edge appliances, we are able to run broadband connections to festivals like Leeds and Reading, safe in the knowledge that our core IT networks won't be threatened by illegal access via remote locations."
Keeping staff secure and separate on the trusted, hard-wired network and retaining wireless for the press and visiting artists was a key part of the strategy. "There is no traffic between the trusted and the optional networks," said Simons.
Nonetheless, measures have also been taken to secure wireless access for guests, chiefly by encrypting through Wi-Fi Protected Access Pre-Shared Key (WPA PSK). The main advantage this encryption method offers over its predecessor Wired Equivalent Privacy (Wep), is that every packet is encrypted differently. A temporal key integrity protocol mechanism shares a starting key between devices. Each device then changes its encryption key for every packet. This makes it very difficult for hackers to read messages, even if they have intercepted the data.
An attractive feature of the Watchguard product for Simons was the facility to offer multiple wireless segments and thus separate out access for different audiences. The success of the festival network access this summer has prompted Simons to replicate the model across the company's permanent venues, offering a trusted network for staff, and wireless to the many visiting agents.
Additionally, the WatchGuard firebox provides a higher level of fault reporting, which is sent back in real time to the main console. Previously, explained Simons, he just had a router on a phone and this only enabled him to interpret log data retrospectively. If there was an immediate problem someone would call. Now, as everything is transacted by IP address, he can see a map address of all configured devices and their activity. "If someone is sitting there trying to do file sharing, it will be blocked."
With permanent and temporary music venues secured, Simons can focus on security policies. The network group policy is to disable all floppy and CD drives both for festival and permanent office use. All devices handed out to staff are anti-virused and pre-configured. "There's no chance of anyone being able to load any untoward software," Simons said. All devices are "ringed" and loaded with standard software.
Similarly, the Mean Fiddler takes a strong stance on internet usage and uses a web blocker. "We have got a responsibility to our staff and there are legal implications if they are exposed to unsuitable sites. We remove that possibility."
This was first published in November 2005