Network Access Control has been utilized to secure wireless networks in gaming environments for many years. It is crucial to effectively authenticate users and/or devices on internal (non-guest) wireless networks to curb less-than-ethical behavior of malicious users sitting in the parking lot or at one of the food outlets; we simply cannot leave an internal wireless network wide open. Thus, it is now extremely rare for any gaming environment to have an internal wireless network without access control. Any IT director/manager in opposition to this philosophy can likely be found in their office playing Call of Duty and should be given a wake-up call.
So, the question becomes: Why do so many gaming environments still leave their wired network open? I’m talking about network equipment facilitating connectivity of EGMs, workstations, receipt printers, phones, POS terminals, etc.
One common answer is complacency with physical security; i.e., their wired ports are not physically accessible. When hundreds of cameras manned by an entire surveillance department are at play, unauthorized or suspicious users trying to connect a rogue device should be easily spotted, no?
Sure, fair point… to a certain extent, physical controls absolutely contribute to threat mitigation efforts, especially in areas of the gaming floor where network infrastructure is secured within locked cabinetry with overwhelming surveillance coverage, and wall jacks are secured with lock boxes or port security devices.
Physical controls are excellent but come with caveats. To name a few:
- Some of these solutions can be circumvented with varying degrees of effort.
- An inside job where physical locking mechanisms are easily circumvented leaves the network ports behind the lock vulnerable unless they are further protected by identity management.
- Some surveillance technicians may not easily spot a stealthy installation of a thumb-sized device to a compromised port.
- Wall jacks may simply be in an area that many would not consider an attack vector; i.e. on the kitchen wall where a printer may be attached.
Another deterrent to implementing wired access control has been the complexity and reliability of the available solutions. There are big players out there, such as Aruba and Cisco, that have had wired access control solutions for many years. The setback has often been the maturity or ease of implementation and/or administration of these solutions.
Gaming environments require 99.99% uptime. Period. When access control has potential to impact uptime, rolling the dice (so to speak) with an unstable base can be a recipe for disaster; any viable solution must be intuitive and stable. It is my opinion that we have finally reached a time where wired access control can be deployed throughout the entire gaming enterprise network without hindering the IT department’s ability to get a good night’s sleep. Maybe even deep-sleep, dare I say, considering that these solutions can enhance security AND manageability.
…What?! An information systems security solution can actually *enhance* manageability??
Yes, allow me to elaborate…
An identity management solution worth its weight does not simply secure the network by requiring device authentication; it also knows about the type of device that is connecting based on its assigned group or profiled characteristics. This means that security policies instituted by the IT department can follow the device around the network. An EGM will always be authenticated into the EGM network. Slot tech laptops, digital signage devices, etc. will all be authenticated into their respective networks.
These solutions also create an inventory of sorts. For instance, slot techs can have a special delegated inventory of EGM devices (Sentinels, X-Ports, iViews, etc.) to manage. The management of these devices/groups can also be allocated to the slot floor technicians for better separation of duty, etc. This can give your slot department more direct access to the EGM network while providing superior security measures.
There are some considerations though… namely, all devices will need to be checked in, or provisioned, by the IT department before they are deployed into the production gaming environment. Additionally, the solution becomes mission-critical, and therefore one more service that requires thought during planned maintenance.
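The policy behavior described above (group decides the network, unprovisioned devices are refused, management is delegated per department), sketched as an added example that is not taken from any vendor's product. Device names, department names and VLAN IDs are constructed, and the device identity is assumed to be one proven at authentication, such as an 802.1X certificate subject; the reply attributes are the standard RFC 3580 ones for dynamic VLAN assignment.

```python
from dataclasses import dataclass

# Constructed sample values: group names follow the article, VLAN IDs are made up.
GROUP_VLAN = {"egm": 110, "slot-tech-laptop": 120, "digital-signage": 130}

@dataclass(frozen=True)
class Device:
    device_id: str     # identity proven at authentication (assumed: 802.1X certificate subject)
    group: str         # decides which network the device lands in
    provisioned: bool  # True once IT has checked the device in
    managed_by: str    # department delegated to manage this device

INVENTORY = {d.device_id: d for d in (
    Device("egm-0417", "egm", True, "slot-techs"),
    Device("egm-0999", "egm", False, "slot-techs"),  # inventoried, not yet checked in
    Device("signage-lobby-02", "digital-signage", True, "it"),
)}
AUDIT = []  # (device_id, switch_port, decision) for every attempt

def authorize(device_id, switch_port):
    """Decide a wired login; the port is logged but never affects the policy."""
    dev = INVENTORY.get(device_id)
    if dev is None or not dev.provisioned or dev.group not in GROUP_VLAN:
        decision, attrs = "Access-Reject", {}  # default deny
    else:
        # RFC 3580 dynamic VLAN assignment attributes
        decision, attrs = "Access-Accept", {
            "Tunnel-Type": 13,          # VLAN
            "Tunnel-Medium-Type": 6,    # IEEE-802
            "Tunnel-Private-Group-ID": str(GROUP_VLAN[dev.group]),
        }
    AUDIT.append((device_id, switch_port, decision))
    return decision, attrs

def can_manage(department, device_id):
    """IT manages everything; other departments only their delegated devices."""
    dev = INVENTORY.get(device_id)
    return dev is not None and department in ("it", dev.managed_by)

def rejected_ports():
    """Ports that saw a rejected login: candidates for a surveillance review."""
    return sorted({port for _, port, decision in AUDIT if decision == "Access-Reject"})

if __name__ == "__main__":
    print(authorize("egm-0417", "floor-sw1:12"))
    print(authorize("egm-0417", "floor-sw7:03"))     # same device, different port
    print(authorize("unknown-device", "kitchen-sw1:04"))
    print(rejected_ports())
```

The rejected-port list gives the surveillance and IT teams a concrete place to look when something unexpected is plugged into a wall jack.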
All of that said, we live in a world where information security is becoming increasingly critical. Gaming commissions and other regulatory bodies relevant in the gaming world are rightfully tightening compliance and control standards. Having just completed a project with a very successful network access control deployment to 100% of the casino environment, I am a big fan.