Securing Kiosk Systems with Symantec DCS


The Challenge

Self-Service kiosks are becoming increasingly commonplace as a means for services to be presented and delivered to customers and are a key or emerging component in many industries — including transportation, fast-food and retail.  Unfortunately, the high volume of customer interactions that these systems are typically expected to handle, along with the likelihood that personally or financially sensitive information may be introduced to them makes them attractive targets for data and identity thieves.  This concern is compounded by the fact that the often-times “Always-On” nature of these services and their often relative remoteness versus the core IT and security infrastructure means they are at higher risk as targets of attack and compromise. Self-Service kiosks are vulnerable to gaps in protection within security solutions which mainly rely around signature updates and/or patching to be effective. The worse case scenario — the potential payoff for an attacker who successfully manages to compromise one of these systems and spread his or her attack to similar devices is huge and makes them very tempting targets for bad guys.

The Solution

Symantec Data Center Security Server: Advanced, and Symantec Embedded Security: CSP utilizes very powerful protected whitelist policies which ensures that a remote system (like a kiosk) is protected against the most determined of digital attacks. What’s more, the highly static nature of these devices’ functions makes them ideal candidates for this kind of very granular protection strategy.  The Protected Whitelist Policy provides a granular and customizable set of system-wide of protections which automatically prevents execution of any process that is not known and explicitly trusted by the IT security team.  It also restricts the actions of known and trusted processes to only those actions critical to their function and/or which have been explicitly granted by IT. No unauthorized activity may be undertaken on a protected system.   These features provide a persistent, real-time, signature-free security measure which may be configured to work in conjunction with established patching processes and traditional anti-virus and ensure a strong security strategy even in less than ideal scenarios, and which cannot be readily defeated through conventional means.  Furthermore, Symantec Data Center Security Server: Advanced, and Symantec Embedded Security: CSP enable the administrator the option of installing the agent in an unmanaged configuration.  This unmanaged configuration may then be readily and easily updated and configured when necessary by approved field technicians without the need for centralized management which may be impossible to receive.

 

DCS kiosk

The Impact

Leveraging DCS requires installation of the Agent on your protected asset, with the availability of a management server and database for agent and policy management and basic reporting services. Optionally, enhanced reporting services (such as Conventus’ SOLVE solution) may and often are also implanted to enable more tailored visibility onto into the environment.  The Agent is a small footprint of 100MB free space and 256MB of RAM to install and run, and is available for Windows releases from NT 4.0sp6a through to current releases of Windows 10 and Windows server 2016.  The management server ideally will support a minimum of 8GB of RAM, 4 CPU threads and 60GB of free disk space and will have access to a MSSQL database instance to host the Management and Reporting database.  Once installed and profiled, the agent will be protected by the configured security policy and will typically require minimal (if any) adjustments to the finalized policy as long as the underlying system software configuration or behavior does not change.  Once the policy is configured to work with your Kiosks, the security delivered by that policy will remain consistent for the remainder of the life of the protected asset, barring introduction of new functions, applications or configurations.

 

For questions about how NorthStar can help with your Symantec DCS environment, please contact us via your favorite form of communication:

Email: connect@northstar.io  |   Phone: 312-421-3270  | Server Security