Session Overview
Are you leveraging best practices to ensure the inherent
security of 4690? Attend this informative session to learn
what they are and how they can be applied.
Agenda
4690 OS Security Functions including Hardware, and
ACE
Best Practices
4690 OS Security Case Study
Who is next…
4690 SECURITY
FUNCTION
4690 OS - a track record of success in retail
Designed specifically for retail store environments
‒ Reliable, secure and flexible
‒ Thin Client
Rock solid performance
‒ Approaching 1 million installations worldwide
Smallest footprint of any proven retail operating system today
Dial-tone reliability – trusted 24 x 7 x 365
16 of the top 25 retailers run 4690 OS
TGCS 4690 Embedded Linux based Operating System is the premier point-of-sale platform in the
retail industry today, delivering broad functionality and remarkable reliability.
4690 OS – Data Integrity and Security
• Data Integrity
– Guaranteed data writing
– Mirrored file capability
– Totals retention
– Terminal storage retention
• Security
– Multilevel access authorization
– Enhanced user security with V5 & V6
• OpenSSH, Secure Telnet, Secure FTP
– Directory Services with V6.3
– Whitelisting and File Integrity Monitoring with V6.5
TGCS Security Bulletins
TGCS Security Workgroup Communications
– Controlled Distribution to 4690 OS Entitled Customers
– Currently by Marketing Flash to TGCS Sales Team and Business
Partners for Customer Delivery
– Future Plan via Entitled Customer Only Web Portal
Toshiba 4690 OS Security and Hardware
Terminal Hardware
‒ 4690 terminals don’t require a hard disk or CD-ROM
‒ No auto-run for devices in USB ports or CD-ROM
‒ Keylocks
• Keyboard
• Cash Drawer
• Printer - Journal Station
Operator Authorization (Application)
Controller Hardware
‒ No auto-run for devices in USB ports or CD-ROM
‒ Controller only drives your POS front end
‒ Remote access: use Secure Shell (SSH) or Netop
‒ Console ID Security & FTP Lockout
‒ SSDs
Toshiba 4690 OS Security
4690 OS Architecture
– Controls on File Management
– Media-less terminals
– Special Image Build Tools
– Software Distribution Methods
– Embedded Linux Layer is locked down
Windows Programs will not execute on 4690 OS
– Modern Win net protocols typically do not work with 4690 OS
Limited pool of deep 4690 OS skills available in the marketplace WW
– Hackers will have to acquire 4690 skills
– Product Documentation removed from external website
Security Functions in the 4690 Operating System
Enhanced Security
Directory Services / Open LDAP
SSH / SFTP
Console ID Lockout / FTP ID Lockout
Netop
Data Security for Payment Cards
Command Line Logging
SSL Certifications
Secure Delete
Encrypt Tool
MBrowser
Enhanced Menu
SSD Support
FIM
White Listing / Audit / Block
4690 OS – Security
4690 OS
– No user access to 4690 Linux core
– It’s not a general purpose OS
– Multilevel access authorization
– Whitelisting with V6.5
Enhanced Security
– Supports various password rules
Directory Services / Open LDAP
– Enterprise management of IDs and passwords
4690 OS – Whitelisting
File Integrity Monitor (FIM)
– Customer creates baseline of “golden” system
– Customer periodically runs scans of store controllers, pulling results and
comparing with previous scans for unexpected file changes
Whitelisting
– Customer creates authorized program list using “offline scan” tool
– Each file included on the Whitelist has a signature
– Each open request checks whether the file is on the Whitelist and whether
its signature matches
• Report Exception Mode: Provides trace logging and system events for file
status, but allows all opens to proceed
• Protect Mode: Prevents execution of all files that do not match the
signature. Files can be defined to always be blocked.
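An added example (not TGCS code) of the two mechanisms described above: comparing a scan against the golden baseline, and checking an open request against the Whitelist in Report Exception and Protect modes. SHA-256 as the signature, the file names and contents, and treating an unlisted file as a non-match are assumptions of this example.

```python
import hashlib

def signature(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the product's signature format.
    return hashlib.sha256(data).hexdigest()

def scan(files: dict) -> dict:
    """One scan: map every path to the signature of its contents."""
    return {path: signature(data) for path, data in files.items()}

def compare_scans(baseline: dict, current: dict) -> dict:
    """FIM: report unexpected changes relative to the golden baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def check_open(path, data, whitelist, blocked=(), mode="report", log=None):
    """Whitelisting: decide whether an open request may proceed.

    mode="report"  -> log every exception but allow the open
    mode="protect" -> deny anything that is not a whitelist match
    """
    if path in blocked:
        status = "always-blocked"
    elif path not in whitelist:
        status = "not-whitelisted"   # assumption: unlisted counts as no match
    elif whitelist[path] != signature(data):
        status = "signature-mismatch"
    else:
        status = "ok"
    if status != "ok" and log is not None:
        log.append((path, status))
    return status == "ok" or mode == "report"

# Constructed sample data: a golden image and a later store-controller state.
GOLDEN = {"pos/sales.bin": b"v1 sales", "pos/tender.bin": b"v1 tender"}
STORE = {"pos/sales.bin": b"v1 sales", "pos/tender.bin": b"patched",
         "pos/extra.bin": b"unknown"}

if __name__ == "__main__":
    whitelist = scan(GOLDEN)
    print(compare_scans(whitelist, scan(STORE)))
    for mode in ("report", "protect"):
        events = []
        allowed = {p: check_open(p, d, whitelist, mode=mode, log=events)
                   for p, d in STORE.items()}
        print(mode, allowed, events)
```

Running Report Exception Mode first shows which opens Protect Mode would deny before enforcement is switched on.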
BEST PRACTICES
4690 OS Security with ACE

Cash Register/POS Security Action: Install Payment Application Security Standard-compliant payment applications.
4690/ACE Solution Capabilities: TGCS payment applications are designed to the PA-DSS standard and reviewed by an independent assessor. The PCI website has the current list of validated applications. You will find ACE V7R3, V7R4, and V7R5 in the list of validated payment applications. https://www.pcisecuritystandards.org/

Cash Register/POS Security Action: Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring, and a host-based intrusion-detection system.
4690/ACE Solution Capabilities:
• Toshiba monitors and incorporates latest Linux security patches in 4690 Enhanced
• Toshiba monitors 4690 Classic issues for security concerns
• See below for File Integrity Monitoring (FIM) response

Cash Register/POS Security Action: Assign a strong password to security solutions to prevent application modification.
4690/ACE Solution Capabilities: 4690 provides password hashing (SHA1) with an update in 0F10

Cash Register/POS Security Action: Perform a binary or checksum comparison to ensure unauthorized files are not installed.
4690/ACE Solution Capabilities: 4690 has a built-in Report Module facility that can be used as the first line of defense in terms of file integrity management.
4690 OS/ACE Security Best Practices

Cash Register/POS Security Action: Ensure any automatic updates from third parties are validated.
4690/ACE Solution Capabilities: 4690 does not perform automatic updates for third party software

Cash Register/POS Security Action: Disable unnecessary ports and services, null sessions, default users and guests.
4690/ACE Solution Capabilities:
• By default, ports and services are disabled, and have to be turned on by the administrator
• 4690 does not support null sessions
• Administrator responsibility to change default user/password

Cash Register/POS Security Action: Enable logging of events and make sure there is a process to monitor logs on a daily basis.
4690/ACE Solution Capabilities: 4690 has extensive logging capabilities and, coupled with the RMA Data Capture software, logs can be automatically pulled back to a central location for further analysis

Cash Register/POS Security Action: Implement least privileges and ACLs on users and applications on the system
4690/ACE Solution Capabilities:
• 4690 Enhanced applications do not have root privileges
• 4690 provides fine-grained access control to OS menu options
• Our applications provide additional per-user access control to actions

Cash Register/POS Security Action: Implement hardware-based point-to-point encryption
4690/ACE Solution Capabilities:
• ACE V7R4 and higher provides support for TransArmor Verifone Edition (TAVE)
Security / Compliance with Verifone and First Data
End-to-End Encryption – Verishield Protect
– Encrypts data at swipe of card
Tokenization - Transarmor (list of TAVE)
– Protects card data and prevents it from entering the merchant environment
– POS never holds actual card numbers from the transactions
– Removing payment card data from POS removes it from PCI scope
• Can reduce the scope of annual PCI audits by as much as 80%
• Can reduce the time PCI compliance requires by as much as 50%
ACE supports First Data’s tokenization function for credit, debit, and EBT Food/Cash tenders
Best Practices
Latest software (install security patches)
Limit/avoid shared passwords
Define network zones
Use multi-factor authentication
Define, set & adhere to permissions/access
Use the functions provided
Find the right partners
BE VIGILANT!
4690 OS SECURITY
CASE STUDY
A 4690 OS customer hired a “white hat hacking” company to perform a
penetration test of their live system.
They agreed to allow us to present the results, provided that no
identifying information is included.
4690 OS Security Case Study
1. Issue Title: Insecure Protocols
Severity: Severe
Description: telnet and ftp enabled
Vendor/TGCS recommendations: Enable SSH
2. Issue Title: Sensitive Information in Memory Dumps
Severity: High
Description: Card data in memory dumps
Vendor/TGCS recommendations: Enable “Data Security” (V6R4)
4690 OS Penetration Test Results
3. Issue Title: Insufficient Server Hardening
Severity: Severe
Description: Unneeded services and ports available
Vendor/TGCS recommendations: Create a standard configuration enabling only
appropriate ports, services, etc.
4. Issue Title: Insecure Password Policy
Severity: Severe
Description: No password rules enabled.
Vendor/TGCS recommendations: Enable “Enhanced Security” with appropriate
password rules
5. Issue Title: Account Enumeration
Severity: Medium
Description: There are unique error messages for invalid ID and PW
Vendor/TGCS recommendations:
• SSH does provide a single error message for invalid ID or PW
• Control access to physical console:
• Enable “Console ID lockout” to limit attempts
6. Issue Title: Predictable User Names
Severity: Medium
Description: IDs are too simple and easy to guess
Vendor/TGCS recommendations: Implement a user
procedure to create non-trivial IDs
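An added example (not 4690 OS code) for finding 5 above: a login check that returns distinct messages for a bad ID and a bad password, next to one that returns a single message and stops accepting attempts after repeated failures. The `Console` class, the threshold of 3, the administrator reset and the sample user are assumptions of this example.

```python
import hashlib, hmac, os

MAX_ATTEMPTS = 3  # hypothetical lockout threshold

def hash_pw(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

class Console:
    GENERIC = "Invalid ID or password"
    LOCKED = "Console locked"

    def __init__(self, users: dict):
        self.users = {}
        for uid, pw in users.items():
            salt = os.urandom(16)
            self.users[uid] = (salt, hash_pw(pw, salt))
        # Dummy record so unknown IDs cost the same work as known ones.
        self.dummy = (os.urandom(16), os.urandom(32))
        self.failures = 0

    def login_leaky(self, uid, pw):
        """The finding: distinct messages confirm which IDs exist."""
        if uid not in self.users:
            return "Unknown ID"
        salt, digest = self.users[uid]
        if not hmac.compare_digest(hash_pw(pw, salt), digest):
            return "Wrong password"
        return "OK"

    def login(self, uid, pw):
        """Hardened: one message for any failure, plus a console lockout."""
        if self.failures >= MAX_ATTEMPTS:
            return self.LOCKED
        salt, digest = self.users.get(uid, self.dummy)
        match = hmac.compare_digest(hash_pw(pw, salt), digest)
        if match and uid in self.users:
            self.failures = 0
            return "OK"
        self.failures += 1
        return self.GENERIC

    def admin_reset(self):
        self.failures = 0  # assumption: an administrator clears the lockout

if __name__ == "__main__":
    c = Console({"op1031": "constructed-pw"})  # constructed sample user
    print(c.login_leaky("nobody", "x"), "|", c.login_leaky("op1031", "x"))
    print(c.login("nobody", "x"), "|", c.login("op1031", "x"))
```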
Case Study Conclusion
The findings were addressed in V6R4 or earlier
It is important to keep current with 4690 OS releases as
security continues to evolve.
Please share with us feedback from security studies you
have initiated.
Toshiba is prepared and ready to help you implement 4690 Security
Best Practices.