
POS Breach: How firewalls & PCI compliance keep your customers safe

The POS, or Point of Sale, breach is the bogeyman on the mind of every consumer who swipes a card at the check-out counter. With famous examples such as the Target breach of 2013, in which 2000 retail stores lost sensitive financial data for their customers, it is no wonder that cyber thievery through transaction systems is a legitimate concern. To understand why this type of attack is a real threat, it’s important to first understand how and why it keeps happening.

The Objective:

In almost every case of a POS breach, the attacker’s goal is to make off with the sixteen digits printed on the front of your credit card. Credit card data goes for big bucks on the cyber black market, so stealing credit card credentials will always be a worthwhile endeavor for cyber criminals. For the last several years, credit and debit transactions have taken the number one spot as the most common form of payment in the United States. With a majority of transactions taking place through plastic, the Point of Sale device has a big target on its chassis.

The Marks:

Cyber criminals aren’t exactly picky about whose data they steal. Instead, their game is focused on quantity. Therefore, when it comes to a POS breach, attackers look for only a few factors to designate a quality target: ease of the breach, number of potential victims, and business functions reliant on Point of Sale systems. Certain types of industries are on the chopping block. Usually, those industries include restaurants, hotels, grocery stores, gas stations, and department stores. Perimeter security in these kinds of businesses is often lax, and a high volume of credit card transactions means that attackers have a better chance of snagging something.

The Method:

Most POS systems run on a Windows system. This means that POS systems are susceptible to the same vulnerabilities as a Windows-based computer. Upon swipe, a POS stores credit card data, decrypts that data in order to process the transaction, then stores the transaction data to later be rolled up to corporate for audit. In the case of POS breaches, cyber criminals are focused on inserting themselves between the decryption process and the transaction archives.

You may be wondering how malware is delivered to a POS system. Are criminals swiping malware-laced credit cards at the register? Or hacking into the wires out back? No. Unfortunately, the same means and methodology of the everyday hacker work just fine for a POS breach: phishing emails, weak passwords, and cyber security oversights.

In most cases, attackers target the computers connected to the POS machine to gain access. Employees use these machines not only for transactions, but also to check email, run other Web-facing applications, or just to surf the web when the boss isn’t looking.

Social engineering and a lack of basic security culture can easily turn a computer used as a cash register 95% of the time into a fruitful target for hackers.

The Cure:

PCI Compliance is a 12-step checklist to ensure that your business is safely handling payment cards. Nearly half of the dozen requirements can be accomplished by use of a properly configured and up-to-date firewall device. If your firmware is kept current and your appliance has been configured in a way that leaves no vulnerabilities or blind spots in the network, you should be golden. Further, regularly discussing cyber security and email safety with employees should be a no-brainer.
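As an added illustration (not from the original article or any vendor's tooling), the Python example below audits a simplified firewall rule set for the problem described above: register machines that can also reach email and the web. The POS subnet, the payment processor address, and the rule format are all constructed assumptions.

```python
import ipaddress

# All addresses and rules below are constructed for illustration.
POS_NET = ipaddress.ip_network("10.20.0.0/24")   # assumed register/POS segment
ALLOWED = {("203.0.113.10", 443)}                # assumed payment processor endpoint

# Simplified rules: (action, source, destination, port), first match wins.
CURRENT_RULES = [
    ("allow", "10.20.0.0/24", "203.0.113.10", 443),  # card authorisation
    ("allow", "10.20.0.0/24", "any", 443),           # web browsing from registers
    ("allow", "10.0.0.0/8", "any", 25),              # outbound mail, includes POS
    ("allow", "10.30.0.0/24", "any", "any"),         # office LAN, not POS
    ("deny", "any", "any", "any"),
]
HARDENED_RULES = [
    ("allow", "10.20.0.0/24", "203.0.113.10", 443),
    ("deny", "10.20.0.0/24", "any", "any"),          # nothing else leaves the POS segment
    ("allow", "10.30.0.0/24", "any", "any"),
    ("deny", "any", "any", "any"),
]

def _net(src):
    """Parse a rule source, treating 'any' as the whole IPv4 space."""
    return ipaddress.ip_network("0.0.0.0/0" if src == "any" else src)

def audit(rules):
    """Return (rule number, message) for each allow rule that lets POS hosts
    reach a destination/port outside the allow-list."""
    findings = []
    for number, (action, src, dst, port) in enumerate(rules, start=1):
        source = _net(src)
        if action == "deny":
            # A deny covering the whole POS segment ends evaluation for it.
            if POS_NET.subnet_of(source) and dst == "any" and port == "any":
                break
            continue
        if source.overlaps(POS_NET) and (dst, port) not in ALLOWED:
            findings.append((number, f"POS hosts can reach {dst} on port {port}"))
    return findings

if __name__ == "__main__":
    for label, rules in (("current", CURRENT_RULES), ("hardened", HARDENED_RULES)):
        print(label, audit(rules) or "no findings")
```

The broad `10.0.0.0/8` mail rule is flagged even though it never names the POS subnet, which is the kind of blind spot that is easy to miss when reading rules by hand.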


Small Business Firewalls: Choosing the right firewall for your needs

Small business firewalls come in a variety of brands, sizes, and options. The firewall is the heart of your cyber security infrastructure, so choosing the right appliance to fit your small business will be a task requiring both insight and foresight. Below, you will find a handful of things that we believe all owners should consider before investing in small business firewalls.

Software vs Hardware

There exist two distinct types of firewalls: software and hardware. While virtual software-based firewalls are great at protecting individual users, they become costly and over-complicated when several users are trying to operate on one network. In this case, a hardware solution is better suited to the job. A single firewall appliance extends protection to all users on a network.

If your organization consists of just a few users, software firewalls could be a workable option. However, if your organization is made up of more than 3 or 4 users, a hardware appliance is an obvious improvement over its software counterparts.

Ease of Use

If you’re running a small business, chances are your payroll may not comfortably accommodate a full-time system administrator role. With other job roles and departments vying for bigger budgets and more attention, an info sec department that requires minimal upkeep is a godsend. Therefore, ease-of-use should play a key role in your decision when purchasing a firewall.

Firewall manufacturers are racing to accommodate the needs of small business owners who can’t dedicate entire workdays to studying the nuances of cyber security. This is accomplished by providing intuitive user interfaces, visualized reporting, and straightforward alert systems.

Scalable

The ultimate goal of the small business is to grow. Success means more employees. Success means more complicated procedures and systems. Success means bigger networks, more data, and more numerous attack surfaces. WatchGuard’s Extensible Threat Management (XTM) is touted under the motto “future proof” because it was designed specifically to scale to changing needs.

Firewalls.com recommends hardware that is advertised to accommodate twice the number of users that currently inhabit your network. Not only does the extra strength ensure you’ll never run into performance issues, but it leaves you some breathing room for when your organization grows.

Versatility

Along similar lines to scalability, small business owners should consider how susceptible a firewall is to change. Small businesses have the unique ability to test several different programs and applications before deciding which ones best fit their goals. The software and web applications that you’re working with today may not be the same applications that your business utilizes next year.

If small business firewalls are going to survive the long haul, consider how the firewall interacts with the other hardware and software. Small businesses should never find themselves in a situation where their decision-making options depend on whether their firewall can accommodate the changes or not. Look for appliances that are versatile, adaptable, and can play well with others.

The Sophos Intercept X endpoint protection was built to run alongside any other Anti-Virus clients in use.


Configuration

Bad news. Your buyers’ journey is not over when you click “Confirm Order.” Save that sigh of relief until your firewall has been unboxed, configured, and deployed.

Properly securing your network requires that the settings of your firewall appliance reflect the needs, strengths, weaknesses, and blind spots in your network. Just as every small business operates in its own unique way, its firewall should be customized to fit those needs.

Firewalls.com recommends that small business owners take advantage of our Configuration Service, built on a proprietary 100-step configuration methodology that ensures your firewall is tailor-made to suit your network.


Managed Service

As mentioned earlier, small businesses may not always have a large budget set aside for hiring an in-house sys admin. Luckily, there is no shortage of third parties available to do the legwork for you. Firewalls.com offers both Managed Services and Firewall-as-a-Service bundles. The gist of it: you plug your small business firewalls in and we handle it from there. If there’s a problem with your network, we alert you and fix it. Then, you go back to your workday. Next time someone asks you about your business’s network security, you can scoff and brag “Oh, I have people for that.”


Learn About Firewalls: Firewalls.com YouTube Channel offers network security how-tos, tutorials, & troubleshooting

Learning about firewalls and network security is no easy chore. While a wealth of knowledge exists across the web, few domains can translate complex network security concepts into easily-digested lessons for beginners. Likewise, troubleshooting firewall issues often leads to old, obsolete forum responses and dead ends. You’re in luck.

The Firewalls.com YouTube library is continuously growing and packed to the brim with how-to’s, tutorials, troubleshooting guides, and more. Like a treasure trove full of SonicWall and Sophos solutions, Firewalls.com customers and visitors alike are sure to find the answers to their questions.

Who makes the videos?

We do! Right here in the office. Our video series is produced, edited, and narrated by our rockstar team of engineers and architects. If you’re the type of person that wants the answer straight from the horse’s mouth, then this is the channel for you. Our video makers are certified SonicWall and Sophos engineers with over a decade of combined experience in real world network security management. Learn about firewalls from the guys that spend every day up to their eyeballs in network security! Our two narrators, Alan and Matt, are ready to show you the ropes.


Who decides what video topics to cover?

You do! We generate topics for our videos based on the top search terms in YouTube, Google, and the Firewalls.com website. We know the Internet has important questions and we want to answer them. If there’s a certain topic you want us to cover, let us know in YouTube comment sections or on social media.

Why the Firewalls.com channel?

We want you to learn about cyber security, so we’re not going to waste your time. We’re no pack of newbs that spend the first two minutes of every video introducing ourselves, begging for likes, and talking about our BFF’s new music project. Get in, get answers, and get back to being productive.

What’s in it for me?

Information, readily available and easy to follow. Our videos are made by screen capturing our network techs using the same reporting and monitoring programs that our customers use, in real time. There’s no magic wand waving behind slick edits or cuts.

Running dual monitors? Set one screen to our YouTube and the other screen to your work space and you can fix network security snafus side-by-side, at your pace.

How can I learn more?

Subscribe to our YouTube channel and you’ll be notified the moment we publish new how-tos. If you’re following us on Facebook, LinkedIn, or Twitter, we’re always sure to post new videos on social media as well.


Check out some of our most recent Sophos & SonicWall issues solved:

Use your Sophos XG Firewall as a DNS Request Server

Use SonicWall’s NetExtender to setup an SSL VPN

Firewalls.com Network Security Glossary

Network security can prove deep waters to wade into. As the scope of technology grows, so too does the pool of jargon and initialisms that find their way into our vocabulary. When your network administrator starts muttering about SSL and WANs, it’s tempting to just nod and hope he leaves soon, but maybe it’s time that some of us not-so-tech-savvy folk got a few info sec terms under our belt. With this new infographic from Firewalls.com, you can learn the java-fueled jive talk of the IT clan. Go tell your sys admin how you feel about the form factor of the new Galaxy S8 and watch the mixture of confusion, surprise, and marvel light up their face. Finally, you can interpret the estranged tongue of cyber security.

 

Feeling like a cyber security expert? There’s always more to learn. Stay up to date with the latest news by following us on Twitter and Facebook!
