Java Reference
In-Depth Information
deployed in certain key areas of the stores. Panthera has planned similar physical security controls
for their headquarters.
4.1.4.2 Network Security
Network security for a large merchant operation like Panthera is an important consideration.
Panthera has several stores spread all over the West Coast of the United States. he stores connect
to Panthera's headquarters in Cupertino, California, which houses Panthera's network operations
center and datacenter, from where all network devices and servers are managed. he POS (billing
servers) servers at the stores synchronize with the central POS server in the Cupertino location.
Panthera's retail operations are connected over an MPLS network. he datacenter in Cupertino
also hosts the e-commerce Web server and the database server, apart from the POS billing server
and database server. Panthera's IT security team must ensure that all the network devices like the
irewalls, routers, and so on are conigured with strong rules or access control lists to ensure that
only traic necessary for business is allowed in or out of the network. Coniguration of the devices
is also a critical requirement. Default usernames and passwords must be removed, administration
of the devices must be done over encrypted channels (SSH, HTTPS), and the devices need to be
updated with the latest irmware and patches to ensure that any vulnerabilities in the previous ver-
sions of the device are ixed. Panthera also needs to ensure that its intrusion prevention system is
equipped with the latest signatures for attacks and that alerts from the intrusion prevention system
are actively investigated. Wireless networks are also a bone of contention for Panthera's operations.
Wireless access points need to be conigured for optimal security. Panthera has decided to upgrade
the encrypted transmission requirements to WPA2 from WEP.
*
4.1.4.3 Host Security
Panthera has decided to adopt a stringent host security program for securing all the operating
systems in their environment. Host security is an extremely important aspect of Panthera's overall
security program. Operating systems need to be protected against viruses and malware. In addi-
tion, several other security measures like
operating system hardening
†
need to be adopted to ensure
that the operating systems are not vulnerable to attacks. Panthera is also deploying a log manage-
ment solution to collect logs from all operating systems and network devices and collate them in
a centralized log server. his log management application will also be conigured to raise alerts in
case of any anomalous activity detected in these systems. File integrity monitoring applications
shall also be deployed for the operating systems to ensure that the tampering of sensitive iles in
the operating system will be raised as alerts, which would be actively investigated and ixed. Patch
management is also an important consideration for operating systems. Patches are released peri-
odically for all the operating system platforms by their development organizations. hese patches
need to be tested in a
staging environment
, a specialized environment (other than the production
*
WEP and WPA/WPA2 are wireless network security encryption algorithms, which allow the traic in the
wireless network to be encrypted and users without the valid keys to be unable to log in to the network. WEP
has been proven to be a nonsecure algorithm, and WPA/WPA2 has been recommended for use in wireless
networks.
†
Hardening of an operating system is a process by which the unnecessary or nonsecure services of an operating
system are disabled or removed, thereby ensuring that an operating system is not as susceptible to attack. For
instance, Telnet is known to be a nonsecure protocol. Disabling Telnet can reduce the chances of attackers try-
ing to exploit the many weaknesses of the protocol.
Search WWH ::
Custom Search