Security and pos best Practices Peter Harris



Download 2.14 Mb.
View original pdf
Page1/4
Date20.02.2023
Size2.14 Mb.
#60707
  1   2   3   4
prod.tos873817

Security and POS Best Practices
Peter Harris

Peter.Harris@Toshibgcs.com
Product Line Manager

Session Overview
Are you leveraging best practices to ensure the inherent security of 4690? Attend this informative session to learn what they are and how they can be applied.

Agenda 4690 OS Security Functions including Hardware, and ACE
 Best Practices 4690 OS Security Case Study

Who is next…


4690 SECURITY
FUNCTION


4690 OS - a track record of success in retail Designed specifically for retail store environments
‒ Reliable, secure and flexible Thin Client Rock solid performance
‒ Approaching 1 million installations worldwide Smallest footprint of any proven retail operating
system today
Dial-tone reliability
– trusted 24 xx 365
16 of the top 25 retailers run 4690 OS
TGCS 4690 Embedded Linux based Operating System is the premier point-of-sale platform in the
retail industry today, delivering broad functionality and remarkable reliability.


4690 OS
Data Integrity and Security

Data Integrity
– Guaranteed data writing Mirrored file capability Totals retention Terminal storage retention

Security
– Multilevel access authorization Enhanced user security with V & V OpenSSH, Secure Telnet, Secure FTP Directory Services with V Whitelisting and File Integrity Monitoring with V6.5


TGCS Security Bulletins TGCS Security Workgroup Communications
– Controlled Distribution to 4690 OS Entitled Customers Currently by Marketing Flash to TGCS Sales Team and Business Partners for Customer Delivery Future Plan via Entitled Customer Only Web Portal

Toshiba 4690 OS Security and Hardware Terminal Hardware
‒ 4690 terminals don’t require a hard disk or CD-ROM
‒ No auto-run for devices in USB ports or CD-ROM
‒ Keylocks
• Keyboard Cash Drawer Printer - Journal Station Operator Authorization (Application Controller Hardware
‒ No auto-run for devices in USB ports or CD-ROM
‒ Controller only drives your POS front end Remote access use Secure Shell (SSH) or Netop
‒ Console ID Security & FTP Lockout SSDs

Toshiba 4690 OS Security 4690 OS Architecture
Controls on File Management Media-less terminals Special Image Build Tools Software Distribution Methods Embedded Linux Layer is locked down Windows Programs will not execute on 4690 OS
– Modern Win net protocols typically do notwork with 4690 OS Limited pool of deep 4690 OS skills available in the marketplace WW
– Hackers will have to acquire 4690 skills Product Documentation removed from external website

Security Functions in the 4690 Operating System Enhanced Security
Directory Services / Open LDAP
SSH / SFTP
Console ID Lockout / FTP ID Lockout
Netop
Data Security for Payment Cards
Command Line Logging
SSL Certifications
Secure Delete
Encrypt Tool
MBrowser
Enhanced Menu
SSD Support
FIM
White Listing / Audit / Block


4690 OS
– Security 4690 OS
– No user access to 4690 Linux core It’s not a general purpose OS Multilevel access authorization Whitelisting with Vb Enhanced Security

– Supports various password rules Directory Services / Open LDAP
– Enterprise management of IDs and passwords


4690 OS
– Whitelisting
File Integrity Monitor (FIM)
– Customer creates baseline of golden system Customer periodically runs scans of store controllers, pulling results and comparing with previous scans for unexpected file changes Whitelisting
– Customer creates authorized program list using offline scan tool
– Each file included on the Whitelist has a signature Each open request verifies signature if the file is on the Whitelist and if signature matches Report Exception Mode Provides trace logging and system events for file status, but allows all opens to proceed Protect Mode Prevents execution of all files that do not match the signature. Files can be defined to always be blocked.

BEST PRACTICES


4690 OS Security with ACE

Download 2.14 Mb.

Share with your friends:
  1   2   3   4




The database is protected by copyright ©ininet.org 2024
send message

    Main page