IT/Physical Security

@thecreativeone91 Wouldn't wiping the router be a bit much?

I suppose in theory but, there is a lot of information to be gained from looking at router configs and firewall ACLs.

MattSpeller

@thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

dafyre

@thecreativeone91 said:

@dafyre said:

@thecreativeone91 Wouldn't wiping the router be a bit much?

I suppose in theory but, there is a lot of information to be gained from looking at router configs and firewall ACLs.

This is true.

scottalanmiller

@MattSpeller said:

@thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

Yeah, not the best people likely to be doing this.

@MattSpeller said:

@thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

We are very hardened from the outside so I suppose they thought this was the only way.

dafyre

If they had physical access to the cash registers, it could be they were able (or were attempting to) install some type of Malware on the system, yea?

MattSpeller

@thecreativeone91 If they get in could they actually get access to banking stuff? I don't get why you'd be concerned about them accessing your stuff.

Edit: again, just a noob asking questions - genuinely curious.

@dafyre said:

If they had physical access to the cash registers, it could be they were able (or were attempting to) install some type of Malware on the system, yea?

Maybe until they realize we are running linux based POS. but they couldn't anyway if they tried.

Nic

That button would make for an epic rage-quit.

@MattSpeller said:

@thecreativeone91 If they get in could they actually get access to banking stuff? I don't get why you'd be concerned about them accessing your stuff.

Edit: again, just a noob asking questions - genuinely curious.

Banking no, credit card but would be hard. Credit card info (as far as the whole number) is stored in the Data center payment processing systems only until the payment clears and then after that it is removed. only the last four is stored along with the name after that (for returns and such). If you save save your CC in your account online it's stored in a non reversible encryption. Neither we nor you can see the card number more than the last four digits. you can only use it or remove it.

@Nic said:

That button would make for an epic rage-quit.

I know right. It's a felony offense to push them already. It does currently allow drawers to be opened without manager approval for employee safety and call the police.

dafyre

@thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

MattSpeller

I still don't understand wtf they would be doing messing with the registers when they could be taking the cash. If they wanted user data, shit, it's available by the gigabyte on forums for pennies. Usually WITH credit card info. I'd watch the cams carefully and see if they were just idiots trying to get the drawer to eject.

None of this adds up for me.

I think your security setup sounds kick ass.

@dafyre said:

@thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

They couldn't boot to another media on these easily. It's blocked. And they don't have CD rom Drives. USB ports are disabled.

@MattSpeller said:

I still don't understand wtf they would be doing messing with the registers when they could be taking the cash. If they wanted user data, shit, it's available by the gigabyte on forums for pennies. Usually WITH credit card info. I'd watch the cams carefully and see if they were just idiots trying to get the drawer to eject.

I suppose it's possible. The current system still requires you to hit the "open cash" button even once it's pushed but will do so without a transaction or manager override.

They were also trying to use a USB drive (but couldn't). And also figure out (probally by chance) how to close the Linux GUI and get to terminal. where they typed some random stuff much of which did nothing aside from a few pings.

Now we get to explain to them why we don't need the other stuff happing. Management really wants the sites somehow disconnected when the buttons are pushed.

scottalanmiller

you can do that from the central site.

@scottalanmiller said:

you can do that from the central site.

Yeah we do currently if we need to, just not automated.

JaredBusch

It really seems like they are simply throwing money away fighting a nearly non-existent threat. Wiping a router? Really?

When you take security to such a level that it becomes intrusive to getting work done, you are intentionally trying to drive your business under.

scottalanmiller

@JaredBusch said:

When you take security to such a level that it becomes intrusive to getting work done, you are intentionally trying to drive your business under.

Exactly. Who is the bigger thread, the "hackers" who failed of the managers doing tangible damage?