Étude de cas - Stadt Burgwedel

Secure IT Infrastructure Provides the Basis for Digital Learning

Challenge

In 2018, as part of the roll-out for a number of new digital learning projects across the town’s seven schools, the IT division of Burgwedel town council initiated a search for a manageable WLAN solution. Steffen Plapper, head of IT for the town of Burgwedel, explains: “Mobile devices are continuing to grow in popularity. In the past few years in education, we saw a consistent use of apps on mobile devices. However, in order to use laptops and tablets effectively, WLAN is a basic requirement—and not just any WLAN either." In addition to performance and latest technology standards such as Wave 2, Steffen and his team looked at security aspects and user-friendly administration. The WLAN needed to be protected from the latest security threats at all times. Another important consideration was that the solution needed to be easy to use and centrally managed. Because there were no plans to take on additional staff in the meantime, the infrastructure had to be easy to manage too. It was important to have centralized management of all schools and the ability to roll out configuration changes across all sites.

Solution

The decision to opt for WatchGuard’s WLAN portfolio was based on its extensive security features. The actual number of access points required was calculated based on the floor plans and the WatchGuard portfolio’s tailored planning tools. To date, well over one hundred AP420 Wi-Fi access points are used across all seven schools, providing extensive WLAN coverage right out to the school yard. Furthermore, to gain greater visibility, the IT department uses Wi-Fi Cloud for centralized and standardized administration of the wireless network. Every school is equipped with powerful WatchGuard Firebox M370 and M470 appliances that have tailored segmentation and added protection. “In a worse case scenario, site-specific segmentation allows us to determine exactly which school is having WLAN issues, and then intervene directly to find the source of the error and resolve the issue,” elaborates Steffen. There are also different configurations for areas with a Virtual Local Area Network (VLAN). Within these areas, it’s not only possible to differentiate by end device type, but also by user group and application. Steffen remarks: “This means, for example, that we can create precise categories by Android tablet or iOS tablet, or disconnect the administration WLAN from the teaching network where students and teachers work. It’s also possible to create a separate guest WLAN at any time. The rules for configuring the necessary communication are stored on the firewall."

Results

Today, the IT division has visibility into their network at all times to detect the latest security threats. Not only that, but thanks to a sophisticated, patented Wireless Intrusion Prevention System (WIPS), illicit attempts to access the network are fended off securely and automatically with no need for manual input from the IT team at all.

Wireless threats of all types—from rogue access points and clients to ad-hoc networks, evil twins, misconfigurations, and invalid client associations—can be identified and resolved. Thanks to the use of WatchGuard’s latest-generation firewalls, the WLAN structures can be segmented into any number of individual VLANs—a process made easy by the assignment of specific, customized security rules. In addition to the options already mentioned, the WLAN provides clear benefits in other areas too. Steffen concludes: “Over the next few years, the schools will expand and grow. Thanks to our WLAN solution, we’ll now be able to digitally map our central heating or roller blind control systems at any stage—in a way that is fully secure and completely separate from other WLAN applications. Lastly, the WLAN has enough bandwidth to handle applications such as VoIP, which can ultimately lead to even further savings."