WS 2000 Use Cases 9-3
Retail Use Case
A Retail Example
Background
CCC clothing stores have, in the past, used point of sale (POS) terminals with a 10BaseT Ethernet connection to an in-house server.
Management has decided to install wireless networking in the stores. Wireless POS terminals and printers
will allow them to be more flexible with store layout. Wireless handheld terminals for inventory and price lookup will make
inventory faster and more accurate. In some stores, management is adding a cafe with free wireless Internet access. The
hope is that customers will visit more often and stay longer if their partners can use the Internet while they shop.
The following links show the tasks that the system administrator will carry out to complete the wireless upgrade.
The Plan
Clarisa is the employee assigned to implement the new network in San Jose. She needs three very different security
policies. Wireless security policies are part of a WLAN configuration, so she will need three different WLANs.
• WLAN #1: Confidential information, such as credit card numbers and customer purchases, will travel over the links to
wireless POS terminals. For these, she wants the strongest security measures possible. The two components of a
wireless security policy are user authentication and data encryption. The corporation has a RADIUS server for user
authentication and it is a logical choice for this application. If the corporation did not have a RADIUS server, an
alternative would have been to install Kerberos on the in-store server and use Kerberos user authentication. As for data
encryption, WEP is not secure enough for this traffic. A survey of the wireless POS terminals reveals that they all support
WPA-TKIP, so Clarisa will use WPA-TKIP for data encryption.
• WLAN #2: The wireless printers are difficult to misuse (they have no keyboards), and the data stream to them does not include
any information that needs strong encryption. On this WLAN, Clarisa can limit access by allowing connections only from
devices whose MAC addresses are entered in the switch. The data will be WEP encrypted.
• WLAN #3: In the cafe, Clarisa wants an open network - no authentication or encryption. She believes that otherwise
the support problems will be too difficult. But management wants to be absolutely certain that users of the cafe net
cannot get access to the store computers or POS terminals. The WS 2000 allows the administrator to restrict access
from one subnet to another, so Clarisa will create a subnet that is just for WLAN #3, and then restrict access from that
subnet to the other subnets.
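
The isolation requirement for WLAN #3, as an added example that is not from the WS 2000 documentation: a default-deny model of subnet-to-subnet access that flags any rule letting the cafe subnet reach a store subnet, and any address overlap that would defeat the separation. The subnet names, address ranges and rule set are constructed assumptions; the page specifies none of them.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan; the page gives no addresses or subnet names.
SUBNETS = {
    "store": ipaddress.ip_network("192.168.10.0/24"),  # WLAN #1: POS, in-store server
    "print": ipaddress.ip_network("192.168.20.0/24"),  # WLAN #2: wireless printers
    "cafe":  ipaddress.ip_network("192.168.30.0/24"),  # WLAN #3: open cafe network
}

# Allowed (source zone, destination zone) pairs; anything not listed is denied.
PLAN = {("store", "print"), ("store", "wan"), ("cafe", "wan")}


def zone_of(addr, subnets=SUBNETS):
    """Map an address to its subnet name, or 'wan' if it is in none of them."""
    ip = ipaddress.ip_address(addr)
    for name, net in subnets.items():
        if ip in net:
            return name
    return "wan"


def is_allowed(src, dst, rules=PLAN, subnets=SUBNETS):
    """Default-deny decision for one flow; traffic inside a zone is not filtered."""
    s, d = zone_of(src, subnets), zone_of(dst, subnets)
    return s == d or (s, d) in rules


def audit(rules=PLAN, subnets=SUBNETS, guest="cafe"):
    """Return findings that would break isolation of the guest subnet."""
    findings = []
    # Overlapping ranges make the zone of an address ambiguous.
    for (a, net_a), (b, net_b) in combinations(subnets.items(), 2):
        if net_a.overlaps(net_b):
            findings.append(f"subnets {a} and {b} overlap")
    # Any rule from the guest subnet to another internal subnet is a violation.
    for s, d in sorted(rules):
        if s == guest and d in subnets and d != guest:
            findings.append(f"{guest} is allowed to reach {d}")
    return findings


if __name__ == "__main__":
    print(audit() or "guest subnet is isolated from the store subnets")
```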