The threat of Attack on Point-Of-Sale (POS) systems
In the retail world, the threat of attack on Point-Of-Sale (POS) systems is always high, as they are a prime target for the bad actors trying to get credit card information. There is always new malware being created to try to get that information. There are, however, steps that can be taken to reduce the risk, even with regards to the latest attack software.
The best thing that you can do is to isolate your servers and workstations as much as possible. In an ideal world, these would be completely isolated, and not interact with any other systems. The reality is that this is very rarely the case. With that in mind, let’s look at some things that can be done.
The first step is to make sure that your firewall is as restrictive as possible. Your POS workstations and server if needed should only be restricted to accessing what is absolutely needed. In most cases, this is only your credit card processor. In no case, should your firewall allow either the workstations or the server, unrestricted access to the internet? The firewall will eliminate the chance for drive-by downloads, or users browsing to malicious sites.
Along those lines, any computers that are used for general internet browsing, and also email, should be on a separate network. If it is not possible to implement workstations on a separate physical network, at least use a different logical network as in a different network address range. Even just the different logical network, will stop the majority of malware infections.
If remote access is needed, and it should be restricted to those cases where it truly is needed such as your support company, then it should be restricted to only those addresses that have a legitimate reason to connect. Also, any such connections should be closely monitored. One such method is to disable the remote access software, and only enable it when your support personnel is actively connecting. Of course, it is again disabled as soon as they are finished.
Those cover the basics of securing your POS system. It is a good place to start, but it is only a start. Keeping software updated, training personnel, and keeping vigilant are always key components, also.
Dave