In general, securing services and protocols requires retailers to take the following actions:
Control physical and electronic access to the systems that handle sensitive data.
Provide regularly scheduled auditing of network and network component activity.
Deactivate unnecessary operating system components and securely configure those that remain active.
This appendix highlights some of the network and hardware security considerations for the application. It includes the following sections:
For information about Oracle Coherence, see http://docs.oracle.com/middleware/1213/coherence/index.html.
Protecting the application data on the network is accomplished through the use of multiple security techniques. This is sometimes referred to as a Defense in Depth strategy, where each security technique helps to mitigate the risk of one component of the defense being compromised or circumvented. Depending upon the business and technological needs of each retailer, consider the following best practices for operating a network securely:
Segment the network—The physical network is composed of isolated parts, divided along the different security and management needs of individual applications.
The network configuration should include a private network for the application, so that the application systems cannot connect to the Internet.
Control access to routers and switches—Create a platform-specific minimum configuration standard for all routers and switches that follow industry best practices for security and performance.
Utilize firewalls—Hardware firewalls should utilize explicit rules tuned to the services and ports needed by the applications served by the network.
Secure the wireless network—Enforce encryption and require certificate-based authentication.
Control physical access to networks and network devices.
Use a centralized system for authentication and authorization that provides each user with unique and strongly protected credentials.
Obscure the purpose of network resources through the use of naming conventions.
Implement a strategy for monitoring and auditing network access and activity.
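The firewall practice above (explicit rules tuned to the services and ports the application needs) is easy to state and easy to drift away from. The following script, added here as an illustration and not part of the original guide, audits a rule list against a table of required services and flags allow rules that are broader than that table: any-protocol or any-port rules, port ranges, rules for services the application does not use, rules with no address restriction, and a rule set that does not end in a default deny. The rule format, the REQUIRED_SERVICES table, the addresses and both rule sets are constructed for the example; real firewalls have their own rule syntax, so the parser would be replaced with one for the vendor's export format.

```python
"""Audit a firewall rule list for allow rules broader than the application needs.

Added example: the rule model, the service table and the sample rule sets
below are constructed for illustration and are not any vendor's format.
"""
from dataclasses import dataclass

# Constructed assumption: the only services the application tier needs.
# Key: (protocol, port); value: human-readable purpose.
REQUIRED_SERVICES = {
    ("tcp", 443): "HTTPS to the application server",
    ("tcp", 1521): "Oracle database listener",
}


@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    proto: str    # "tcp", "udp" or "any"
    src: str      # CIDR or "any"
    dst: str      # CIDR or "any"
    ports: str    # "443", "1024-65535" or "any"


def port_range(spec):
    """Translate a port specification into an inclusive (low, high) tuple."""
    if spec == "any":
        return (0, 65535)
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return (int(lo), int(hi))
    return (int(spec), int(spec))


def audit(rules, required=REQUIRED_SERVICES):
    """Return (rule_index, reason) pairs for rules that are broader than required."""
    findings = []
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        if r.proto == "any" or r.ports == "any":
            findings.append((i, "allow rule does not restrict protocol and port"))
            continue
        lo, hi = port_range(r.ports)
        if hi > lo:
            findings.append((i, f"allow rule opens the port range {r.ports}"))
        elif (r.proto, lo) not in required:
            findings.append((i, f"{r.proto}/{lo} is not a required service"))
        if r.src == "any" and r.dst == "any":
            findings.append((i, "allow rule has no source or destination restriction"))
    # An explicit rule set ends with a catch-all deny; anything else is implicit policy.
    last = rules[-1] if rules else None
    if last is None or last.action != "deny" or last.proto != "any" or last.ports != "any":
        findings.append((len(rules), "rule set does not end with a default deny"))
    return findings


# Constructed "before" rule set: two tuned rules plus two overly broad ones.
SAMPLE_RULES = [
    Rule("allow", "tcp", "10.20.0.0/24", "10.30.0.10/32", "443"),
    Rule("allow", "tcp", "10.30.0.0/24", "10.40.0.5/32", "1521"),
    Rule("allow", "tcp", "any", "any", "1024-65535"),   # broad range, no addresses
    Rule("allow", "any", "any", "any", "any"),          # permits everything
    Rule("deny", "any", "any", "any", "any"),
]

# Constructed "after" rule set: only the required services, then default deny.
HARDENED_RULES = [
    Rule("allow", "tcp", "10.20.0.0/24", "10.30.0.10/32", "443"),
    Rule("allow", "tcp", "10.30.0.0/24", "10.40.0.5/32", "1521"),
    Rule("deny", "any", "any", "any", "any"),
]

if __name__ == "__main__":
    for name, rules in (("sample", SAMPLE_RULES), ("hardened", HARDENED_RULES)):
        print(f"{name}: {len(audit(rules))} finding(s)")
        for index, reason in audit(rules):
            print(f"  rule {index}: {reason}")
```

Run against the sample set the script reports three findings on rules 2 and 3; the hardened set, which permits only the two required services and closes with a default deny, produces none. Running such a check on every change to the rule set is one way to keep the "explicit rules" practice true over time rather than only at deployment.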
Retailers must take precautions to ensure that any user with malicious intent cannot gain physical access to networks and devices. All equipment involved in the application activity must be physically secured, including cables and equipment housings. The client systems must be configured to lock automatically when left unattended and must require a password that conforms to the password policy guidelines to unlock the register.
Systems running the database and application servers must routinely be audited for signs of compromise. Processes and procedures must exist to detect the installation and execution of unauthorized routines. Application and operating system logs should be fully utilized. Determining the cause of a compromise is extremely difficult without system activity details.
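One concrete form of the "detect the installation and execution of unauthorized routines" requirement above is to compare what the operating system records as executed against a baseline of approved executables and their hashes. The script below is an added illustration, not part of the original guide: it parses a constructed execution-log format (timestamp, host, user, executable path, SHA-256), reports executables that are not in the baseline, executables whose hash differs from the approved one, and lines the parser cannot read (a log that stops parsing is itself a signal worth raising). The log format, host names, paths and hashes are constructed placeholders; on a real system the parser would be written for whatever the audit subsystem actually emits.

```python
"""Compare execution log lines against a baseline of approved executables.

Added example: the log format, the baseline, the host names and the hashes
are constructed for illustration and do not describe any real system.
"""
import re

# Constructed baseline: approved executable path -> expected SHA-256 (placeholder values).
BASELINE = {
    "/opt/app/bin/server": "a1" * 32,
    "/usr/bin/java": "b2" * 32,
}

# Constructed log format: ISO timestamp followed by key=value fields.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
    r"exe=(?P<exe>\S+) sha256=(?P<sha>[0-9a-f]{64})$"
)


def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def check(log_text, baseline=BASELINE):
    """Return (timestamp, host, executable, reason) for every suspicious line."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse(raw)
        if rec is None:
            # A line the parser cannot read is reported rather than silently skipped.
            findings.append(("?", "?", raw.strip(), "unparsable line"))
            continue
        expected = baseline.get(rec["exe"])
        if expected is None:
            findings.append((rec["ts"], rec["host"], rec["exe"], "not in approved baseline"))
        elif expected != rec["sha"]:
            # Approved path, but the binary on disk is not the approved one.
            findings.append((rec["ts"], rec["host"], rec["exe"], "hash differs from baseline"))
    return findings


# Constructed sample log: two clean lines, one unknown executable, one tampered
# binary at an approved path, and one line that does not parse.
SAMPLE_LOG = "\n".join([
    "2024-05-01T10:02:13Z host=pos-01 user=app exe=/opt/app/bin/server sha256=" + "a1" * 32,
    "2024-05-01T10:03:40Z host=pos-01 user=app exe=/usr/bin/java sha256=" + "b2" * 32,
    "2024-05-01T10:05:02Z host=pos-01 user=app exe=/tmp/update.sh sha256=" + "c3" * 32,
    "2024-05-01T10:06:55Z host=pos-02 user=app exe=/opt/app/bin/server sha256=" + "d4" * 32,
    "audit daemon restarted: partial record",
])

if __name__ == "__main__":
    for ts, host, exe, reason in check(SAMPLE_LOG):
        print(f"{ts} {host} {exe}: {reason}")
```

The baseline is the piece that makes this worth running: it has to be produced from a known-good installation and protected like any other security configuration, since an attacker who can edit the baseline can approve their own binaries. Findings should feed the same monitoring and auditing process the network section calls for, so that a mismatch is investigated rather than only recorded.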
Systems no longer in use, or temporarily stored, must be properly scrubbed of data. Your equipment vendor can provide the steps necessary to render the device data storage useless to an attacker.