Following our recent webinar on “Segmenting Your Network for Security: The Good, the Bad and the Ugly”, our own CTO, Professor Wool, has produced a new “security management 201” video, where he provides his own tips on how to define network segmentation and security zoning.
As we have recently seen in the news, Point-of-Sale (PoS) systems have become a prime target for hackers. While debit and credit card transactions have increased exponentially every year, the security of PoS devices is only just catching up. In light of these breaches, and in conjunction with my current blog series on PCI Requirement 1, here are a few tips to help you secure your PoS systems and comply with PCI.
A couple of weeks ago Mark Wolfgang, CEO of Shorebreak Security, gave a fascinating webinar on a recent engagement in which his organization undertook a pen test of a major metropolitan city complex. As part of the test they found that they could gain access to the employee card reader system – a system that controlled access to the police gun lockers, evidence lockers, holding cells, narcotics vault, guard workstations, the mayor’s office, server rooms – basically any door in the entire city complex!
It goes without saying that security is the cornerstone of any organization today. This includes ensuring access to corporate data is secured, connectivity to the data center from both internal and external users is secured, and that critical security updates are installed. Now comes the big question: what if you have to migrate your security policy to a new platform?
So you’re going through a PCI assessment for the first time and you start reading through the requirements mandated by your Qualified Security Assessor (QSA) and the PCI Council auditor. Naturally you start with the first Requirement: Install and maintain a firewall configuration to protect cardholder data. Well, you have a firewall installed, and the last time you checked there were rules configured, so you can just move on to Requirement 2, right? Wrong! This Requirement can make or break your assessment. Without the proper configurations, audit tracking, proof of compliance, etc., you’re going to be hard pressed to pass it.
We’re at the stage where modern enterprises now directly rely on their data center to run their businesses. And security – protecting what’s actually living in the data center – is one of the most critical issues for businesses today. So how do you control security? How do you create a process to manage change within security policies?