
    IT/Physical Security

    • ?
      A Former User
      last edited by A Former User

      So, the company I am doing temp work for had a bit of a scare last night when one of the retail locations was robbed. They did not hurt anyone, nor were they trying to steal money.

      They were trying to use the cash registers to get data, it seems (or so we think). Luckily we have 24/7 IT monitoring and good IPS & IDS. We just disconnected the site.

      We had a meeting about this. While you can't get anywhere, what happens if something like this were to occur while a manager was logged in to something that can get more details about stuff, etc.? Of course we have monitoring.

      What they are thinking about doing is upgrading the alarm buttons at stations (the silent things that call police) and integrating them into the IT system so it would:

      1.) Call police with a land line or fail over to cellular.
      2.) lock all computer & cash registers.
      3.) disconnect the VPN and wipe config off the router.
      4.) To protect employees, cash register drawers would auto-unlock for thieves to get.

      What are your thoughts on this plan?

      • MattSpellerM
        MattSpeller
        last edited by

        3.) disconnect the VPN and wipe config off the router.

        Get an internet aware power bar and just signal it to power off. Plug your router / modem / important bits into it.

        • dafyreD
          dafyre @A Former User
          last edited by

          @thecreativeone91 Wouldn't wiping the router be a bit much?

          • ?
            A Former User @MattSpeller
            last edited by

            @MattSpeller said:

            3.) disconnect the VPN and wipe config off the router.

            Get an internet aware power bar and just signal it to power off. Plug your router / modem / important bits into it.

            We have them. We just don't want the power to be the defense, as the thieves must be getting smarter and would plug it back in. Also, no modem there; it's fiber. Just a router.

            • dafyreD
              dafyre @A Former User
              last edited by

              @thecreativeone91 said:

              @MattSpeller said:

              3.) disconnect the VPN and wipe config off the router.

              Get an internet aware power bar and just signal it to power off. Plug your router / modem / important bits into it.

              We have them. We just don't want the power to be the defense, as the thieves must be getting smarter and would plug it back in. Also, no modem there; it's fiber. Just a router.

              Restoring the config and what-not would require a visit to the remote location, wouldn't it?

              • scottalanmillerS
                scottalanmiller @dafyre
                last edited by

                @dafyre said:

                @thecreativeone91 Wouldn't wiping the router be a bit much?

                I agree. What good does having a router do?

                • ?
                  A Former User @dafyre
                  last edited by

                  @dafyre said:

                  @thecreativeone91 Wouldn't wiping the router be a bit much?

                  I suppose in theory, but there is a lot of information to be gained from looking at router configs and firewall ACLs.

                  • MattSpellerM
                    MattSpeller @A Former User
                    last edited by

                    @thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

                    • dafyreD
                      dafyre @A Former User
                      last edited by

                      @thecreativeone91 said:

                      @dafyre said:

                      @thecreativeone91 Wouldn't wiping the router be a bit much?

                      I suppose in theory, but there is a lot of information to be gained from looking at router configs and firewall ACLs.

                      This is true.

                      • scottalanmillerS
                        scottalanmiller @MattSpeller
                        last edited by

                        @MattSpeller said:

                        @thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

                        Yeah, not the best people likely to be doing this.

                        • ?
                          A Former User @MattSpeller
                          last edited by

                          @MattSpeller said:

                          @thecreativeone91 only extremely stupid thieves would physically break into a store to get access to an endpoint to then hack. Off the top of my head I can think of several better approaches and I'm no security expert / thief.

                          We are very hardened from the outside so I suppose they thought this was the only way.

                          • dafyreD
                            dafyre
                            last edited by

                            If they had physical access to the cash registers, it could be they were able to (or were attempting to) install some type of malware on the system, yea?

                            • MattSpellerM
                              MattSpeller @A Former User
                              last edited by MattSpeller

                              @thecreativeone91 If they get in could they actually get access to banking stuff? I don't get why you'd be concerned about them accessing your stuff.

                              Edit: again, just a noob asking questions - genuinely curious.

                              • ?
                                A Former User @dafyre
                                last edited by

                                @dafyre said:

                                If they had physical access to the cash registers, it could be they were able to (or were attempting to) install some type of malware on the system, yea?

                                Maybe, until they realize we are running a Linux-based POS. But they couldn't anyway if they tried.

                                • NicN
                                  Nic
                                  last edited by

                                  That button would make for an epic rage-quit.

                                  • ?
                                    A Former User @MattSpeller
                                    last edited by

                                    @MattSpeller said:

                                    @thecreativeone91 If they get in could they actually get access to banking stuff? I don't get why you'd be concerned about them accessing your stuff.

                                    Edit: again, just a noob asking questions - genuinely curious.

                                    Banking no, credit card but would be hard. Credit card info (as far as the whole number) is stored in the data center payment processing systems only until the payment clears, and then after that it is removed. Only the last four is stored along with the name after that (for returns and such). If you save your CC in your account online, it's stored in a non-reversible encryption. Neither we nor you can see the card number more than the last four digits. You can only use it or remove it.

                                    • ?
                                      A Former User @Nic
                                      last edited by

                                      @Nic said:

                                      That button would make for an epic rage-quit.

                                      I know, right? It's a felony offense to push them already. It does currently allow drawers to be opened without manager approval for employee safety and call the police.

                                      • dafyreD
                                        dafyre @A Former User
                                        last edited by

                                        @thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

                                        • MattSpellerM
                                          MattSpeller
                                          last edited by

                                          I still don't understand wtf they would be doing messing with the registers when they could be taking the cash. If they wanted user data, shit, it's available by the gigabyte on forums for pennies. Usually WITH credit card info. I'd watch the cams carefully and see if they were just idiots trying to get the drawer to eject.

                                          None of this adds up for me.

                                          I think your security setup sounds kick ass.

                                          • ?
                                            A Former User @dafyre
                                            last edited by

                                            @dafyre said:

                                            @thecreativeone91 If they have physical access to your system, you can never be 100% sure of anything. I know of tools that will allow you to boot a computer from USB or CD or $otherstoragemedia and log in with any username and password you want. It works both with Windows and Linux.

                                            They couldn't boot to another media on these easily. It's blocked. And they don't have CD-ROM drives. USB ports are disabled.
