• No results found

Host-based Protection for ATM's

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Host-based Protection for ATM's"

Copied!
5
0
0

Loading.... (view fulltext now)

Download now ( 5 Page )

Full text

(1)

Host-based Protection for ATM's

Who should read this paper

Who should read this paper

ATM manufacturers, system integrators and operators.

:

(2)

Content

Introduction . . . 1

Symantec™ Embedded Security: Critical System Protection. . . 1

System Hardening and Application Control. . . 2

Intrusion Detection. . . 2

Deployment . . . 2

Beyond Host-based Protection. . . 2

(3)

Introduction

Automated Teller Machines (ATM's) are one of the most highest value customer touch points in in the banking industry. Customers are demanding extra services and more user-friendly interfaces. Banks are demanding more cost effective solutions for interfacing with their customers. ATM’s now need increased flexibility to meet customer expectations and so are becoming more capable and connected than ever before.

Providing a direct interface to cash inevitably makes ATM’s a target in a numerous and sophisticated ways with new methods being regularly exposed. Attack methods extend from physical (such as skimming and pin cameras) to virtual through malware. Above all, the customer must trust the ATM. Assuring integrity from the very start of the supply chain through to the installers and operators are essential.

Banks and ATM operators must protect their ATM's and meet their compliance obligations for operating in a heavily regulated industry sector. But doing so can be challenge. ATM's can be considered a single use device, they have a dedicated function, run a specific application with predictable input and output. Yet ATM's are frequently built using common operating systems such as Microsoft Windows, capable of so much more than required. They are subject to vulnerabilities and often exploited in similar fashion to a laptop or workstation.

Symantec™ Embedded Security: Critical System Protection

Symantec™ Embedded Security: Critical System Protection can help. It provides a policy-driven host based, least privilege approach to endpoint security and compliance.

Symantec™ Embedded Security: Critical System Protection has two enforcement components that can be independently activated on ATM systems, prevention and detection. The prevention component has proactive enforcement rules that can stop malicious activity before it occurs, the detection component monitors for system activity as it occurs and can trigger event based actions. Both components provide granular control over logging using policy settings to give visibility into actionable events as well as the efficient management of high volume events necessary for regulatory or forensic purposes. Thus, in combination, the two components provide unique capabilities to both secure a system and to address regulatory compliance requirements. This includes regulations such as PCI-DSS that requires companies to deploy file integrity monitoring for critical system and application files changes. Detecting that an important operating system binary like svchost.exe was recently modified is very different from preventing the modification in the first place. Symantec™ Embedded Security: Critical System Protection lets you configure and use both detection and prevention as needed to address your auditing, compliance, and security requirements.

Pro

Protectiontection DetectionDetection

Intrusion Prevention Real-Time Monitoring & Auditing

Intrusion Detection Intrusion Detection

System Hardening File Integrity Monitoring

Application Whitelisting Configuration Monitoring

Application Sandboxes User Access Tracking

Vulnerability & Patch Mitigation Logging & Event Reporting

1

(4)

System Hardening and Application Control

Controlling what applications can run on your ATM devices is one of the most vital steps to protecting against unauthorized access and attack. Symantec™ Embedded Security: Critical System Protection policies provide thousands of pre-built rules that comprehensively monitor and harden the operating system of enterprise systems and require minimal tuning. Memory controls detect buffer overflows and unusual memory allocation and permissions complimenting an effective device hardening strategy. Single use devices such as ATM terminals perform predictable functions, meaning the device should always be in a known state, with known applications performing known behavior

Symantec™ Embedded Security: Critical System Protection can be configured to enforce application whitelisting, ensuring only predefined programs can be executed with specific attributes controlling the manner in which they are called. Furthermore, program execution can be contained within a sandbox, allowing strict control over the behavior of the application. This is particularly useful where operating system permission levels allow unnecessary actions to be carried out. Privilege de-escalation can be configured, ensuring that even an Admin user account can have its ability constrained to the minimum functions necessary for the device purpose.

Adding another layer of security to your defenses, Symantec™ Embedded Security: Critical System Protection provides rules based system level and as well application level firewalls to block network-based attacks against your ATM's. The firewall lets you restrict which

applications on ATM systems can communicate on the network, which ports they can use, and what they are allowed to talk to. To circumvent network restrictions and application controls, some cybercriminals will try to steal credit card data through physical access to an ATM. As ATM's become more advanced with computer-like characteristics, the methods for unauthorized physical access often increases. Symantec™

Embedded Security: Critical System Protection enables you to block and granularly control devices connected to your ATM systems' communication interfaces, such as USB ports. It can prevent all access to a port or only allow access from certain devices.

Intrusion Detection

The Symantec™ Embedded Security: Critical System Protection detection policies monitor files, settings, events and logs, and report anomalous behavior. Features include sophisticated policy-based auditing and monitoring; log consolidation for easy search, archival, and retrieval; advanced event analysis and response capabilities. To further harden the device it provides a combination of file integrity monitoring and registry integrity monitoring.

Deployment

Symantec™ Embedded Security: Critical System Protection can be deployed in managed and standalone mode. This is particularly useful for device manufacturers who create an out of the box security policy for their product ensuring the device is adequately hardened from the moment it is activated. Manufacturers, integrators and device operators may choose to deploy the agent after market on devices being newly deployed or previously installed. Administrators can opt for configurations where the agent will communicate with the management console for policy updates and reporting providing real time visibility of your security posture. Symantec™ Embedded Security: Critical System Protection supports modular installation of components, deploying only the code required to perform the protection and/or detection functions as defined in the agent configuration. This allows manufacturers and device operators to efficiently deploy in resource-constrained environments.

Beyond Host-based Protection

Controlling what can and can’t be run on a machine is only part of the ATM protection story. Best practices like code signing and protection, secure management, authentication and encryption all play a part in a robust ATM security strategy. To find out more about protecting ATM’s and single use devices visithttp://www.symantec.com/iot

2

(5)

About Symantec

Symantec Corporation (NASDAQ: SYMC) is an

information protection expert that helps people,

businesses and governments seeking the freedom

to unlock the opportunities technology brings –

anytime, anywhere. Founded in April 1982,

Symantec, a Fortune 500 company, operating one

of the largest global data-intelligence networks, has

provided leading security, backup and availability

solutions for where vital information is stored,

accessed and shared. The company's more than

19,000 employees reside in more than 50

countries. Ninety-nine percent of Fortune 500

companies are Symantec customers. In fiscal 2015,

it recorded revenues of $6.5 billion. To learn more

go to www.symantec.com or connect with Symantec

at: go.symantec.com/socialmedia.

For specific country offices

and contact numbers, please

visit our website.

Symantec World Headquarters

350 Ellis St.

Mountain View, CA 94043 USA

+1 (650) 527 8000

1 (800) 721 3934

www.symantec.com

Copyright © 2015 Symantec Corporation. All rights reserved. Symantec, the Symantec Logo, and the Checkmark Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

9/2015 21359121

References

Download now ( PDF - 5 Page - 534.05 KB )

Related documents

Neonatal hearing screening services at primary health care clinics in Gauteng.

The aim of the research project is to identify the current hearing screening practices as conducted by nurses at primary health care clinics in Gauteng; and to review the

Data Protection McAfee s Endpoint and Network Data Loss Prevention

McAfee Host Data Loss Prevention Protection Rules Application File Access Protection Clibboard Protection E-Mail Protection File System Protection Web Post Protection Network

Degree Key System. Technical Manual

The patented Degree system from SARGENT provides the right level of security for each opening in your facility Three levels of ANSI/ BHMA Grade 1 protection, from patented

PREJUDICE: NATURE AND COMPONENTS

A hostile or negative attitude toward people in a distinguishable group based solely on their membership in that group; it contains cognitive, emotional, and behavioral

Did the refugee crisis a ect local property prices? The case of temporary housing sites in Gothenburg.

The economic interpretation is that apartments located within 1 km from a temporary housing site on average have been sold for 2,30 % less after the announcement compared to

FIREWALLS CHAPTER The Need for Firewalls Firewall Characteristics Types of Firewalls

application-level gateway bastion host circuit-level gateway distributed firewalls DMZ firewall host-based firewall IP address spoofing IP security (IPsec) packet filtering

G r a p h i c a l A p p l i c a t i o n D e v e l o p m e n t w i t h B o n i t a S t u d i o

When the fields of the Form(s) for a step are defined, a default page template is generated by Bonita Open Solution and linked with an html file that directs how the Form is to be

Countering Insider Threats Jeremy Ho

Brightmail Message Security Traffic Shaping Anti-Spam / Virus Critical System Protection HIPS / HIDS Anti-Virus Critical System Protection HIPS / HIDS Anti-Virus