14 ways for retailers to tighten computer security
Published: January 3, 2006
The following tips were taken from the Microsoft Securing the retail store white paper. Review the white paper for more details about each of these suggestions.
1. Don't store sensitive data. Payment card sensitive authentication data and the full tracks of magnetic stripes do not need to be stored. Read the article Retailers learn solutions to new challenges of computer security.
2. Consider segmenting data (that is, isolating the network traffic that flows between communications systems) much like you do when segmenting a network.
3. Filter traffic at the router level using router access control lists. This filters out certain types of traffic that should not enter or leave a particular subnet under any circumstances.
4. Deploy Internet Protocol Security (also known as IPsec). This framework of open standards helps to promote private, security-enhanced communications over Internet Protocol (IP) networks by using cryptographic security services. Read the Step-by-step guide to Internet Protocol Security (IPsec).
5. Learn to enhance the security of your wireless networks and help to prevent valuable information from falling into the hands of hackers who are looking for vulnerable systems. Read a guide to wireless security.
6. Deploy Network Access Protection (NAP), a policy enforcement platform built into the Microsoft Windows Vista and Windows Server operating systems. NAP allows you to better protect network assets from unhealthy computers by enforcing compliance with network health policies. Read Introduction to network access protection.
Tighten the security of your system
7. Centralize the policy management of clients and servers. Centralization reduces the labor-intensive task of manually configuring each client computer while providing a mechanism to quickly and efficiently update client computers. See Group policy collection.
8. Deploy digital certificates and public key encryption to provide an enhanced level of authentication and privacy. See Best practices for implementing a Microsoft Windows Server 2003 public key infrastructure.
9. Disable unused services and limit the authority of service accounts leveraged by required services. See Securing your Web server.
10. Consider using a host-based firewall. This can help protect individual devices even when a device on the same network has been compromised. See Microsoft firewall reference guide.
Manage for security
11. Upgrade your patch management to include the process of predicting, planning, testing, and implementing any type of technology update whether the update pertains to functionality changes, security risk remediation, or product-specific code changes.
12. Create an advanced system to notify you that fraudulent or malicious activity is occurring. The system should include auditing, monitoring, reporting, and proactive remediation functions.
13. Create a system to identify problems and issues before they become critical. Don't rely on the software distribution system. It doesn't provide feedback or notifications about the condition of various systems, including point of sale registers, kiosks, and wireless devices.
14. Regularly audit and test your system. Make sure you back up your work. If you don't test, you might find that you're relying on a system that doesn't work.
