Security and POS Best Practices
Peter Harris, Product Line Manager

Session Overview

Are you leveraging best practices to ensure the inherent security of 4690? Attend this informative session to learn what they are and how they can be applied.

Agenda

. 4690 OS Security Functions including Hardware, and ACE
. Best Practices
. 4690 OS Security Case Study

Who is next…

4690 SECURITY FUNCTION

4690 OS - a track record of success in retail

TGCS 4690, based on Embedded Linux, is the premier point-of-sale platform in the retail industry today, delivering broad functionality and remarkable reliability.

. Designed specifically for retail store environments
  ‒ Reliable, secure and flexible
  ‒ Thin Client

. Rock solid performance ‒ Approaching 1 million installations worldwide

. Smallest footprint of any proven retail operating system today

. Dial-tone reliability – trusted 24 x 7 x 365

. 16 of the top 25 retailers run 4690 OS

4690 OS – Data Integrity and Security

• Data Integrity
  – Guaranteed data writing
  – Mirrored file capability
  – Totals retention
  – Terminal storage retention

• Security
  – Multilevel access authorization
  – Enhanced user security with V5 & V6
    • OpenSSH, Secure Telnet, Secure FTP
  – Directory Services with V6.3
  – Whitelisting and File Integrity Monitoring with V6.5

TGCS Security Bulletins

. TGCS Security Workgroup Communications
  – Controlled Distribution to 4690 OS Entitled Customers
  – Currently by Marketing Flash to TGCS Sales Team and Business Partners for Customer Delivery
  – Future Plan via Entitled Customer Only Web Portal

Toshiba 4690 OS Security and Hardware

. Terminal Hardware
  ‒ 4690 terminals don’t require a hard disk or CD-ROM
  ‒ No auto-run for devices in USB ports or CD-ROM
  ‒ Keylocks
    • Keyboard
    • Cash Drawer
    • Printer - Journal Station
. Operator Authorization (Application)
. Controller Hardware
  ‒ No auto-run for devices in USB ports or CD-ROM
  ‒ Controller only drives your POS front end
  ‒ Remote access: use Secure Shell (SSH) or Netop
  ‒ Console ID Security & FTP Lockout
  ‒ SSDs

Toshiba 4690 OS Security

. 4690 OS Architecture
  – Controls on File Management
  – Media-less terminals
  – Special Image Build Tools
  – Software Distribution Methods
  – Embedded Linux Layer is locked down

. Windows Programs will not execute on 4690 OS – Modern Win net protocols typically do not work with 4690 OS

. Limited pool of deep 4690 OS skills available in the marketplace WW
  – Hackers will have to acquire 4690 skills
  – Product Documentation removed from external website

Security Functions in the

Enhanced Security
Directory Services / Open LDAP
SSH / SFTP
Console ID Lockout / FTP ID Lockout
Netop
Data Security for Payment Cards
Command Line Logging
SSL Certifications
Secure Delete
Encrypt Tool
MBrowser
Enhanced Menu
SSD Support
FIM
White Listing / Audit / Block

4690 OS – Security

. 4690 OS
  – No user access to 4690 Linux core
  – It’s not a general purpose OS
  – Multilevel access authorization
  – Whitelisting with V6.5

. Enhanced Security – Supports various password rules

. Directory Services / Open LDAP
  – Enterprise management of IDs and passwords

4690 OS – Whitelisting

. File Integrity Monitor (FIM)
  – Customer creates base line of “golden” system
  – Customer periodically runs scans of store controllers, pulling results and comparing with previous scans for unexpected file changes
. Whitelisting
  – Customer creates authorized program list using “offline scan” tool
  – Each file included on the Whitelist has a signature
  – Each open request checks whether the file is on the Whitelist and whether its signature matches
    • Report Exception Mode: Provides trace logging and system events for file status, but allows all opens to proceed
    • Protect Mode: Prevents execution of all files that do not match the signature. Files can be defined to always be blocked.

BEST PRACTICES

4690 OS Security with ACE

Cash Register/POS Security Action: Install Payment Application Security Standard-compliant payment applications.
4690/ACE Solution Capabilities: TGCS payment applications are designed to the PA-DSS standard and reviewed by an independent assessor. The PCI website has the current list of validated applications. You will find ACE V7R3, V7R4, and V7R5 in the list of validated payment applications. https://www.pcisecuritystandards.org/

Cash Register/POS Security Action: Deploy the latest version of an operating system and ensure it is up-to-date with security patches, anti-virus software, file integrity monitoring, and a host-based intrusion-detection system.
4690/ACE Solution Capabilities:
  • Toshiba monitors and incorporates latest Linux security patches in 4690 Enhanced
  • Toshiba monitors 4690 Classic issues for security concerns
  • See below for File Integrity Monitoring (FIM) response

Cash Register/POS Security Action: Assign a strong password to security solutions to prevent application modification.
4690/ACE Solution Capabilities: 4690 provides password hashing (SHA1) with an update in 0F10

Cash Register/POS Security Action: Perform a binary or checksum comparison to ensure unauthorized files are not installed.
4690/ACE Solution Capabilities: 4690 has a built-in Report Module facility that can be used as the first line of defense in terms of file integrity management.

4690 OS/ACE Security Best Practices

Cash Register/POS Security Action: Ensure any automatic updates from third parties are validated.
4690/ACE Solution Capabilities: 4690 does not perform automatic updates for third party software

Cash Register/POS Security Action: Disable unnecessary ports and services, null sessions, default users and guests.
4690/ACE Solution Capabilities:
  • By default, ports and services are disabled, and have to be turned on by the administrator
  • 4690 does not support null sessions
  • Administrator responsibility to change default user/password

Cash Register/POS Security Action: Enable logging of events and make sure there is a process to monitor logs on a daily basis.
4690/ACE Solution Capabilities: 4690 has extensive logging capabilities and, coupled with the RMA Data Capture software, logs can be automatically pulled back to a central location for further analysis

Cash Register/POS Security Action: Implement least privileges and ACLs on users and applications on the system
4690/ACE Solution Capabilities:
  • 4690 Enhanced applications do not have root privileges
  • 4690 provides fine-grained access control to OS menu options
  • Our applications provide additional per-user access control to actions

Cash Register/POS Security Action: Implement hardware-based point-to-point encryption
4690/ACE Solution Capabilities:
  • ACE V7R4 and higher provides support for TransArmor Verifone Edition (TAVE)

Security / Compliance with Verifone and First Data

. End-to-End Encryption – Verishield Protect
  – Encrypts data at swipe of card

. Tokenization - Transarmor (list of TAVE)
  – Protects card data and prevents it from entering the merchant environment
  – POS never holds actual card numbers from the transactions
  – Removing payment card data from POS removes it from PCI scope
    • Can reduce the scope of annual PCI audits by as much as 80%
    • Can reduce the time PCI compliance requires by as much as 50%

ACE supports First Data’s tokenization function for credit, debit, and EBT Food/Cash tenders

Best Practices

. Latest software (install security patches)
. Limit/avoid shared passwords
. Define network zones
. Use multi-factor authentication
. Define, set & adhere to permissions/access
. Use the functions provided
. Find the right partners
. BE VIGILANT!

4690 OS SECURITY CASE STUDY

4690 OS Security Case Study

A 4690 OS customer hired a “white hat hacking” company to perform a penetration test of their live system.

They agreed to allow us to present the results, provided that no identifying information is included.

4690 OS Penetration Test Results

1. Issue Title: Insecure Protocols
   Severity: Severe
   Description: telnet, ftp enabled
   Vendor/TGCS recommendations: Enable SSH

2. Issue Title: Sensitive Information in Memory Dumps
   Severity: High
   Description: Card data in memory dumps
   Vendor/TGCS recommendations: Enable “Data Security” (V6R4)

3. Issue Title: Insufficient Hardening
   Severity: Severe
   Description: Unneeded services and ports available
   Vendor/TGCS recommendations: Create a standard configuration enabling only appropriate ports, services, etc.

4. Issue Title: Insecure Password Policy
   Severity: Severe
   Description: No password rules enabled.
   Vendor/TGCS recommendations: Enable “Enhanced Security” with appropriate password rules

5. Issue Title: Account Enumeration
   Severity: Medium
   Description: There are unique error messages for invalid ID and PW
   Vendor/TGCS recommendations:
   • SSH does provide single error message for invalid ID or PW
   • Control access to physical console
   • Enable “Console ID lockout” to limit attempts

6. Issue Title: Predictable User Names
   Severity: Medium
   Description: IDs are too simple and easy to guess
   Vendor/TGCS recommendations: Implement a user procedure to create non-trivial IDs

Case Study Conclusion

The findings were addressed in V6R4 or earlier

It is important to keep current with 4690 OS releases as security continues to evolve.

Please share with us feedback from security studies you have initiated.

Toshiba is prepared and ready to help you implement 4690 Security Best Practices.
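
The File Integrity Monitor and Whitelisting slide earlier in this deck describes a baseline-and-compare scan and a per-open signature check with a Report Exception Mode and a Protect Mode. The sketch below is an added example, not TGCS code or a 4690 OS interface; SHA-256 as the signature, the file names, and treating unlisted files like signature mismatches are assumptions.

```python
import hashlib

def signature(data: bytes) -> str:
    # Assumption: SHA-256 stands in for the product's signature scheme,
    # which the slides do not specify.
    return hashlib.sha256(data).hexdigest()

def scan(files: dict) -> dict:
    """FIM scan: map every path to the signature of its contents."""
    return {path: signature(data) for path, data in files.items()}

def compare_scans(baseline: dict, current: dict) -> dict:
    """Compare a new scan with the golden baseline and list unexpected changes."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in common if baseline[p] != current[p]),
    }

def check_open(path, data, whitelist, always_block, mode, log):
    """Decide one open request; mode is 'report' or 'protect'."""
    if path in always_block:
        status = "always-blocked"
    elif path not in whitelist:
        status = "not-listed"  # assumption: handled like a mismatch
    elif whitelist[path] != signature(data):
        status = "signature-mismatch"
    else:
        return True  # listed and signature matches
    log.append((mode, path, status))  # trace entry for the exception
    return mode == "report"  # report mode logs but lets the open proceed

# Constructed sample data: a "golden" controller image and a later state.
GOLDEN = {"apps/pos.bin": b"release-1", "apps/report.bin": b"report-1"}
LATER = {"apps/pos.bin": b"release-1-modified",
         "apps/report.bin": b"report-1",
         "tmp/unknown.bin": b"not in the golden image"}

def demo():
    baseline = scan(GOLDEN)  # doubles as the whitelist in this sketch
    diff = compare_scans(baseline, scan(LATER))
    log, verdicts = [], {}
    for mode in ("report", "protect"):
        verdicts[mode] = [check_open(p, d, baseline, set(), mode, log)
                          for p, d in sorted(LATER.items())]
    return diff, verdicts, log

if __name__ == "__main__":
    print(demo())
```

Running Report Exception Mode first shows which opens Protect Mode would refuse, so the authorized program list can be corrected before enforcement is turned on.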