Secure Implementation Guide - SICOM Systems, Inc.

More documents

Recommendations

Info

3.5.1 Restrict access to keys to the fewest number of custodians necessary 3.5.2 Store keys securely in the fewest possible locations and forms. 3.6 Fully document and implement all key management processes and procedures, including: 3.6.1 Generation of strong keys 3.6.2 Secure key distribution 3.6.3 Secure key storage 3.6.4 Periodic key changes 3.6.5 Destruction of old keys 3.6.6 Split knowledge and dual control of keys (so that it requires 2 or 3 people, each knowing only their part of the key, to reconstruct the whole key). 3.6.7 Prevention of unauthorized substitution of keys 3.6.8 Replacement of known or suspected compromised keys 3.6.9 Revocation of old or invalid keys (mainly for RSA keys) 3.6.10 Requirement for key custodians to sign a form specifying that they understand and accept their key-custodian responsibilities Contact SICOM Systems immediately at 800-547-4266 if it is suspected that these keys have been compromised. RSA keys are not used. Requirement 4: Encrypt transmission of cardholder and sensitive information across public networks. Sensitive information must be encrypted during transmission over the Internet, because it is easy and common for a hacker to intercept and/or divert data while in transit. 40 4.1 Use strong cryptography and encryption techniques (at least 128 bit) such as Secure Sockets Layer (SSL), Point-to-Point Tunneling Protocol (PPTP), Internet Protocol Security (IPSEC) to safeguard sensitive cardholder data during transmission over public networks SICOM encrypts all cardholder information when transmitted between terminals.
4.1.1 For wireless networks transmitting cardholder data, encrypt the transmissions by using Wi-Fi Protected Access (WPA) technology if WPA capable, or VPN or SSL at 128-bit. Never rely exclusively on WEP to protect confidentiality and access to a wireless LAN. Use one of the above methodologies in conjunction with WEP at 128 bit, and rotate shared WEP keys quarterly and whenever there are personnel changes. 4.2 Never send cardholder information via unencrypted e-mail. The application is designed for the specific POS hardware and OS provide by SICOM. It is not designed for wireless enablement. Should the Merchant add wireless capability to the network, that Merchant is responsible for securing it properly. Full cardholder information is not normally provided at any time for merchants. Should there be an instance where the merchant obtains cardholder information, they must ensure that any transmission of that data is securely transmitted in an encrypted format. Maintain a Vulnerability Management Program Requirement 5: Use and regularly update anti-virus software or programs. Many vulnerabilities and malicious viruses enter the network via employees’ email activities. Anti-virus software must be used on all email systems and desktops to protect systems from malicious software. 5.1 Deploy anti-virus mechanisms on all systems commonly affected by viruses (e.g. PC’s and servers). 5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs. Requirement 6: Develop and maintain secure systems and applications The SICOM SL Series Manager Terminal is a closed Linux system running only POS related software. Due to the controlled nature of the host and application environment, there are no significant risks. The customer should either provide an Antivirus Gateway to protect the environment or request (or enable) built-in ClamAV support. ClamAV is an opensource AntiVirus package which the SL Series system supports.In addition, all non- SICOM network devices should have anti-virus and spy-ware software enabled to ensure no outside threat to the environment. 41
Page 1 and 2: SICOM SL Series Secure Implementati
Page 3 and 4: Table of Contents Overview of Stand
Page 5: This page intentionally left blank
Page 8 and 9: PABP - Payment Applications Best Pr
Page 10 and 11: Payment Acceptance Environment SICO
Page 12 and 13: specific information about ports re
Page 14 and 15: Figure 3 - Software Release Version
Page 16 and 17: To easily set all of the options to
Page 18 and 19: Each of the fields is defined as fo
Page 20 and 21: The Remote User Password edit (loca
Page 22 and 23: They will need to re-enter the user
Page 24 and 25: SICOM Certificate Authority (CA) Wh
Page 26 and 27: If you have a domain name associate
Page 28 and 29: Installing the SICOM Certificate Au
Page 30 and 31: You will be presented with a securi
Page 32 and 33: Select the Sites button. Here is wh
Page 34 and 35: Keep pressing “Next” and “Ins
Page 36 and 37: Read the License and click “I Agr
Page 38 and 39: must be made, in writing, by an aut
Page 40 and 41: Under “Network Connection Setting
Page 42 and 43: 36 1.1.6 Justification and document
Page 44 and 45: Hackers (external and internal to a
Page 48 and 49: Unscrupulous individuals use securi
Page 50 and 51: 44 permitting access.
Page 52 and 53: 8.5.7 Distribute password procedure
Page 54 and 55: individuals). 9.9 Maintain strict c
Page 56 and 57: 11.2 Run internal and external netw
Page 58 and 59: 52 12.5.1 Establish, document, and
Page 60 and 61: Glossary Acquiring Bank A bank that
Page 62: touches), Payment Application Envir

Secure Implementation Guide - SICOM Systems, Inc.

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?