Contents

Title and Copyright Information

Preface

1 Simphony Security Overview

• Basic Security Considerations
• Service-Oriented Architecture (SOA)
• Authentication
  • Enterprise Management Console Authentication
  • Simphony Client Authentication
  • Point of Sale User Authentication
  • Running a Workstation Securely with Windows Standard Users
  • Database User Management
  • Oracle MICROS Hardware Support Account
  • Simphony Transaction Services Gen 2 Authentication
• Understanding the Simphony Environment
• Recommended Deployment Configurations
• Operating System Security
• Database Security
  • Oracle Database
  • Database Engine Not Present on Workstations (Windows-based Workstations only)
  • Database Engine Exists on Workstations (Windows-based Workstations only)
  • Database on Linux for MICROS Workstations

2 Performing a Secure Simphony Installation

• Pre-Installation Configuration
• Simphony Installation
• Multi-Factor Authentication
• Simphony MFA Configuration Prerequisite Requirement
• Simphony MFA Configuration During the Installation of Simphony
• Accessing the Simphony EMC Using MFA for the First Time
• Assigning MFA EMC Access Privileges
• Enrolling Users MFA Email Addresses and Passwords
• Setting the Max Allowed Failed Logins for EMC Access
• Configuring the SMTP and Backup SMTP Servers in the EMC
• Configuring Workstation Database Passwords in the EMC
• Post-Installation Configuration
  • Operating System
  • Application
  • Database Platform
  • Passwords Overview
  • Changing Default Passwords
  • Forgotten Password Recovery
  • Resetting Passwords from the Simphony Web Portal
  • User Profile Page
  • Configuring Security Questions
  • Configuring User Accounts and Privileges
  • Encryption Keys
  • Integrity Keys
  • Changing Database Passwords
  • Data Purging

3 Implementing Simphony Security

• Authorization Privileges
  • Roles
  • EMC Configuration
  • Employee IDs
  • Employee Levels
  • Employee Levels and Roles
  • Employee Level Configuration Best Practices
• Employee Groups
  • Configuration of Employee Groups
• Job Code Overrides
  • Configuring Job Code Overrides
• Workstation Security
  • Assigning Privileges to Allow Installing and Authenticating Workstation Clients
• Hardening Security for Workstation USB Ports
• Audit Trail
  • Audit Trail Search Parameters
  • Audit Trail Search Results
  • Other Audit Trail Considerations
  • Audit Trail Purging
• Encryption

4 Appendix A: Simphony Port Numbers

• Port Numbers
  • Enterprise Ports
  • Property Ports
  • Traffic Note
  • Interface Ports
  • iCare/Loyalty Ports
  • Oracle Component Ports

5 Appendix B: Module Accessibility

6 Appendix C: Key Manager Manual

• General Information
  • About the Simphony Encryption Key Manager Module
  • D-Secure Key Practices
  • Key Manager Security Enhancements
  • The Encryption Scheme
  • Operational Considerations
  • Periodic Key Rotation

7 Appendix D: Key Manager Module

• Operating Conditions
  • Authorizations
  • Key Manager Module
  • Changing the Pass Phrase

8 Appendix E: Simphony Payment Interface

• Configuration Requirements for PSP using Transport Layer Security (TLS) in EMC
  • No TLS Support
  • TLS Server Certificate Support