Security and POS Best Practices Peter Harris [email protected] Product Line Manager

Security and POS Best Practices

Peter Harris – [email protected]

Product Line Manager

Session Overview

Are you leveraging best practices to ensure the inherent security of 4690? Attend this informative session to learn what they are and how they can be applied.

Agenda

• 4690 OS Security Functions including Hardware, and ACE
• Best Practices
• 4690 OS Security Case Study

Who is next…

4690 SECURITY FUNCTION

4690 OS - a track record of success in retail

Designed specifically for retail store environments
‒ Reliable, secure and flexible
‒ Thin Client

Rock solid performance
‒ Approaching 1 million installations worldwide

Smallest footprint of any proven retail operating system today

Dial-tone reliability – trusted 24 x 7 x 365

16 of the top 25 retailers run 4690 OS

TGCS 4690 Embedded Linux based Operating System is the premier point-of-sale platform in the retail industry today, delivering broad functionality and remarkable reliability.

4690 OS – Data Integrity and Security

• Data Integrity
– Guaranteed data writing
– Mirrored file capability
– Totals retention
– Terminal storage retention

• Security
– Multilevel access authorization
– Enhanced user security with V5 & V6
  • OpenSSH, Secure Telnet, Secure FTP
– Directory Services with V6.3
– Whitelisting and File Integrity Monitoring with V6.5

TGCS Security Bulletins

TGCS Security Workgroup Communications
– Controlled Distribution to 4690 OS Entitled Customers
– Currently by Marketing Flash to TGCS Sales Team and Business Partners for Customer Delivery
– Future Plan via Entitled Customer Only Web Portal

Toshiba 4690 OS Security and Hardware

Terminal Hardware
‒ 4690 terminals don’t require a hard disk or CD-ROM
‒ No auto-run for devices in USB ports or CD-ROM
‒ Keylocks
  • Keyboard
  • Cash Drawer
  • Printer - Journal Station

Operator Authorization (Application)

Controller Hardware
‒ No auto-run for devices in USB ports or CD-ROM
‒ Controller only drives your POS front end
‒ Remote access: use Secure Shell (SSH) or Netop
‒ Console ID Security & FTP Lockout
‒ SSDs

Toshiba 4690 OS Security

4690 OS Architecture
– Controls on File Management
– Media-less terminals
– Special Image Build Tools
– Software Distribution Methods
– Embedded Linux Layer is locked down

Windows Programs will not execute on 4690 OS
– Modern Win net protocols typically do not work with 4690 OS

Limited pool of deep 4690 OS skills available in the marketplace WW
– Hackers will have to acquire 4690 skills
– Product Documentation removed from external website

Security Functions in the 4690 Operating System

• Enhanced Security
• Directory Services / Open LDAP
• SSH / SFTP
• Console ID Lockout / FTP ID Lockout
• Netop
• Data Security for Payment Cards
• Command Line Logging
• SSL Certifications
• Secure Delete
• Encrypt Tool
• MBrowser
• Enhanced Menu
• SSD Support
• FIM
• White Listing / Audit / Block

4690 OS – Security

4690 OS
– No user access to 4690 Linux core
– It’s not a general purpose OS
– Multilevel access authorization
– Whitelisting with V6.5

Enhanced Security
– Supports various password rules

Directory Services / Open LDAP
– Enterprise management of IDs and passwords

4690 OS – Whitelisting

File Integrity Monitor (FIM)
– Customer creates baseline of “golden” system
– Customer periodically runs scans of store controllers, pulling results and comparing with previous scans for unexpected file changes

Whitelisting
– Customer creates authorized program list using “offline scan” tool
– Each file included on the Whitelist has a signature
– Each open request checks whether the file is on the Whitelist and whether its signature matches
  • Report Exception Mode: Provides trace logging and system events for file status, but allows all opens to proceed
  • Protect Mode: Prevents execution of all files that do not match the signature. Files can be defined to always be blocked.
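
The baseline comparison and the two whitelist modes described on this slide, as an added Python sketch (not code from the presentation or from 4690 OS). It assumes SHA-256 as the per-file signature and treats a file that is not on the whitelist like a signature mismatch; file names and contents are constructed sample data.

```python
import hashlib

def signature(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the per-file signature (the slide names no algorithm).
    return hashlib.sha256(data).hexdigest()

def scan(files: dict) -> dict:
    """Map each path to its signature; `files` is {path: content bytes}."""
    return {path: signature(data) for path, data in files.items()}

def compare_scans(baseline: dict, current: dict) -> dict:
    """FIM step: report files added, removed or changed since the golden baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def check_open(path, data, whitelist, always_block, mode):
    """Whitelisting step: decide one open request. Returns (allowed, event or None)."""
    if path in always_block:
        status = "always-blocked"
    elif path not in whitelist:
        status = "not-on-whitelist"  # assumption: handled like a mismatch
    elif whitelist[path] != signature(data):
        status = "signature-mismatch"
    else:
        return True, None
    # "report" logs the exception and lets the open proceed; "protect" denies it.
    return mode == "report", f"{status}: {path}"

# Constructed sample data: a golden image and a later scan of one store controller.
GOLDEN = {"app/pos.bin": b"pos build 1", "app/report.bin": b"report build 1"}
STORE = {"app/pos.bin": b"pos build 1 (modified)",
         "app/report.bin": b"report build 1",
         "tmp/unknown.bin": b"unexpected"}

if __name__ == "__main__":
    whitelist = scan(GOLDEN)
    print(compare_scans(whitelist, scan(STORE)))
    for mode in ("report", "protect"):
        for path, data in STORE.items():
            print(mode, path, check_open(path, data, whitelist, set(), mode))
```

Running in report mode first shows which opens would be denied before protect mode is switched on.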

BEST PRACTICES

4690 OS Security with ACE

Cash Register/POS Security Action: Install Payment Application Security Standard-compliant payment applications.
4690/ACE Solution Capabilities: TGCS payment applications are designed to the PA-DSS standard and reviewed by an independent assessor. The PCI website has the current list of validated applications. You will find ACE V7R3, V7R4, and V7R5 in the list of validated payment applications. https://www.pcisecuritystandards.org/

Cash Register/POS Security Action: Deploy the latest version of an operating system and ensure it is up to date with security patches, anti-virus software, file integrity monitoring, and a host-based intrusion-detection system.
4690/ACE Solution Capabilities:
• Toshiba monitors and incorporates latest Linux security patches in 4690 Enhanced
• Toshiba monitors 4690 Classic issues for security concerns
• See below for File Integrity Monitoring (FIM) response

Cash Register/POS Security Action: Assign a strong password to security solutions to prevent application modification.
4690/ACE Solution Capabilities: 4690 provides password hashing (SHA1) with an update in 0F10

Cash Register/POS Security Action: Perform a binary or checksum comparison to ensure unauthorized files are not installed.
4690/ACE Solution Capabilities: 4690 has a built-in Report Module facility that can be used as the first line of defense in terms of file integrity management.

4690 OS/ACE Security Best Practices

Cash Register/POS Security Action: Ensure any automatic updates from third parties are validated.
4690/ACE Solution Capabilities: 4690 does not perform automatic updates for third party software

Cash Register/POS Security Action: Disable unnecessary ports and services, null sessions, default users and guests.
4690/ACE Solution Capabilities:
• By default, ports and services are disabled, and have to be turned on by the administrator
• 4690 does not support null sessions
• Administrator responsibility to change default user/password

Cash Register/POS Security Action: Enable logging of events and make sure there is a process to monitor logs on a daily basis.
4690/ACE Solution Capabilities: 4690 has extensive logging capabilities and, coupled with the RMA Data Capture software, logs can be automatically pulled back to a central location for further analysis

Cash Register/POS Security Action: Implement least privileges and ACLs on users and applications on the system
4690/ACE Solution Capabilities:
• 4690 Enhanced applications do not have root privileges
• 4690 provides fine-grained access control to OS menu options
• Our applications provide additional per-user access control to actions

Cash Register/POS Security Action: Implement hardware-based point-to-point encryption
4690/ACE Solution Capabilities:
• ACE V7R4 and higher provides support for TransArmor Verifone Edition (TAVE)

Security / Compliance with Verifone and First Data

End-to-End Encryption – Verishield Protect
– Encrypts data at swipe of card

Tokenization - TransArmor (list of TAVE)
– Protects card data and prevents it from entering the merchant environment
– POS never holds actual card numbers from the transactions
– Removing payment card data from POS removes it from PCI scope
  • Can reduce the scope of annual PCI audits by as much as 80%
  • Can reduce the time PCI compliance requires by as much as 50%

ACE supports First Data’s tokenization function for credit, debit, and EBT Food/Cash tenders

Best Practices

• Latest software (install security patches)
• Limit/avoid shared passwords
• Define network zones
• Use multi-factor authentication
• Define, set & adhere to permissions/access
• Use the functions provided
• Find the right partners
• BE VIGILANT!

4690 OS SECURITY CASE STUDY

4690 OS Security Case Study

A 4690 OS customer hired a “white hat hacking” company to perform a penetration test of their live system.

They agreed to allow us to present the results, given that no identifying information be included.

4690 OS Penetration Test Results

1. Issue Title: Insecure Protocols
Severity: Severe
Description: Telnet and FTP enabled
Vendor/TGCS recommendations: Enable SSH

2. Issue Title: Sensitive Information in Memory Dumps
Severity: High
Description: Card data in memory dumps
Vendor/TGCS recommendations: Enable “Data Security” (V6R4)

4690 OS Penetration Test Results

3. Issue Title: Insufficient Server Hardening
Severity: Severe
Description: Unneeded services and ports available
Vendor/TGCS recommendations: Create a standard configuration enabling only appropriate ports, services, etc.

4. Issue Title: Insecure Password Policy
Severity: Severe
Description: No password rules enabled.
Vendor/TGCS recommendations: Enable “Enhanced Security” with appropriate password rules

4690 OS Penetration Test Results

5. Issue Title: Account Enumeration
Severity: Medium
Description: There are unique error messages for invalid ID and PW
Vendor/TGCS recommendations:
• SSH does provide a single error message for invalid ID or PW
• Control access to physical console:
  • Enable “Console ID lockout” to limit attempts
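
The two mitigations for finding 5, a single error message and an attempt limit, as an added Python sketch (not code from the presentation or from 4690 OS). The threshold of 3, the PBKDF2 hashing, the class name `LoginGate` and the sample ID are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # assumed lockout threshold; the slide gives no number
GENERIC_ERROR = "Invalid ID or password"
LOCKED_ERROR = "Too many attempts"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class LoginGate:
    """Hypothetical login check that gives nothing away about which IDs exist."""

    def __init__(self, users: dict):
        # users: {id: password}, constructed sample data; stored salted and hashed
        self._users = {}
        for uid, pw in users.items():
            salt = os.urandom(16)
            self._users[uid] = (salt, _hash(pw, salt))
        # Random record compared against when the ID is unknown
        self._dummy = (os.urandom(16), os.urandom(32))
        self._failures = {}

    def login(self, uid: str, password: str):
        # Failures are counted per submitted ID, valid or not, so the lockout
        # response cannot be used to tell real IDs from invented ones.
        if self._failures.get(uid, 0) >= MAX_ATTEMPTS:
            return False, LOCKED_ERROR
        salt, stored = self._users.get(uid, self._dummy)
        # Always hash and compare, so an unknown ID costs the same work.
        match = hmac.compare_digest(_hash(password, salt), stored)
        if match and uid in self._users:
            self._failures.pop(uid, None)
            return True, "OK"
        self._failures[uid] = self._failures.get(uid, 0) + 1
        return False, GENERIC_ERROR  # same text for bad ID and bad password
```

A production lockout also needs an unlock path (timeout or administrator reset) and a bound on the failure table, both omitted here.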

4690 OS Penetration Test Results

6. Issue Title: Predictable User Names
Severity: Medium
Description: IDs are too simple and easy to guess
Vendor/TGCS recommendations: Implement a user procedure to create non-trivial IDs

Case Study Conclusion

The findings were addressed in V6R4 or earlier

It is important to keep current with 4690 OS releases as security continues to evolve.

Please share with us feedback from security studies you have initiated.

Toshiba is prepared and ready to help you implement 4690 Security Best Practices.