Your business is Vulnerable to Wardriving. 7 Ways to protect your POS System.
January 4th 2009 03:26
Recently, 41 million credit cards were stolen in a security breach that hit several major business chains. That’s right: 41 million credit cards taken from TJ Maxx, BJ’s Wholesale Club, OfficeMax, Boston Market and Barnes & Noble. If you aren’t familiar with how it happened, they were attacked by a method called wardriving. Have you noticed that every few years one of these stories breaks? It doesn’t have to be this way. Just because you are attacked, doesn’t mean you are vulnerable. This advice will help you avoid becoming a statistic.
What is WarDriving?
War Driving has been around since wireless was invented. War driving is a mobile attack method used by hackers. Hackers will drive in their car or van around businesses, using a wireless device to locate wireless access points, i.e. your POS network. The War part is when they attack your computer system. So what can you do about it?
[blockquote]Fun Fact: Did you know that laws were changed several years ago making it illegal to even go on a network you aren’t invited to? When encryption became popular, network engineers would drive through businesses looking for vulnerable networks. Once they would find them, they would then contact the company and sell networking services to them. These engineers would charge hundreds of dollars simply for enabling network encryption.[/blockquote]
What about Encryption? It protects you, right?
Encryption means you are secure. No. For what we are discussing here, static content, encryption is a passive method for security. There are still good uses for encryption out there; I’m not saying encryption is useless. However, if you have static passwords and static storage of information, such as encrypted POS databases, encryption is basically useless.
How to Lower the Risk your Wireless Router Causes.
It used to be you could encrypt and password protect your network, then you’d be safe and happy. Your engineer told you “128 Bit, it’s safe.” But as hacking has become more sophisticated so has your risk. 128 is not sufficient. In fact, they now have 256 bit encryption. Is that enough? I’ll tell you after this other bit of encryption.
Again, you Say “MY POS is Encrypted.” Still Not Good Enough.
In the case of the 41 million stolen credit cards, these companies were specifically attacked. The wardrivers learned about the point of sale systems of these specific locations. Don’t fall into complacency, thinking that having a Brand Name POS and an expensive Computer Network Team means you are secure. Technology is more often about ingenuity than money, especially when it comes to terrorist-style attackers. So can you rely on your POS Encryption? No. Given time, if hackers get your data, they will do everything they can to get your customers’ credit card information. They will succeed, or sell it to some other hacker who will. Therefore, don’t count on your POS Encryption, no matter what. Have I stressed this enough?
So you can’t prevent an attack. What can you do?
As I said before, “Just because you are attacked, doesn’t mean you are vulnerable.” What can you do differently:
1. Stop counting on those who tell you that you are secure. There are two ways to do this: Always rely on your own research; or have two teams, one for auditing or side-by-side installations of networks and Point of Sale setup.
2. Get rid of Wireless for your Main POS System, and any system that stores sensitive data. If you must have wireless, order two networks. Separate them. Having one router connected to another as a firewall is not a guarantee of separation of your wireless from your hardwired system.
3. Purge Purge Purge. Change how you operate so that you can purge sensitive data from your local POS System. If your Customer Service Department HAS to retrieve credit card numbers, there are other ways. Cafe Cartel Systems has them, does your current POS System?
4. Store all Historical credit card data on a closed system network, or offline.
5. Don’t forget that technology changes, and you have to keep up with the times.
6. Encryption is only good for a short burst, like on the internet.
7. Subscribe to the www.cafecartel.com Blog RSS feed, because we will continue to offer more security tips in more articles.
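One way to carry out the purge in step 3, shown as an added example (not code from Cafe Cartel or any POS vendor): scan exported POS records for card numbers, confirm each candidate with the Luhn checksum so that order and tracking numbers are left alone, and mask all but the last four digits. The export layout, function names and sample rows are assumptions constructed for illustration.

```python
import re

# Candidate card numbers: 13-19 digits, optionally grouped by spaces or dashes.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def purge_pans(record: str) -> tuple[str, int]:
    """Mask every Luhn-valid card number in a record, keeping the last 4 digits.

    Returns the cleaned record and the number of card numbers masked.
    """
    count = 0

    def mask(match: re.Match) -> str:
        nonlocal count
        digits = re.sub(r"\D", "", match.group())
        if not luhn_ok(digits):
            return match.group()  # e.g. an order or tracking number
        count += 1
        return "*" * (len(digits) - 4) + digits[-4:]

    return CANDIDATE.sub(mask, record), count


# Constructed sample rows from a hypothetical POS export (public test numbers).
SAMPLE_ROWS = [
    "2009-01-02,order 1001,VISA 4111 1111 1111 1111,exp 0110,$12.50",
    "2009-01-02,order 1002,MC 5500-0055-5555-5559,exp 0311,$8.00",
    "2009-01-03,order 1003,tracking 1234567890123456,cash,$4.25",
]

if __name__ == "__main__":
    for row in SAMPLE_ROWS:
        cleaned, masked = purge_pans(row)
        print(masked, cleaned)
```

Run the same scan over backups and log files as well as the live database, since a purge that misses one copy leaves the data recoverable.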