* Posts by Eirik Iverson

6 publicly visible posts • joined 18 Mar 2009

Data-sniffing trojans burrow into Eastern European ATMs

Eirik Iverson

Lack of Daily Physical Access Doesn't Mean Safe for Windows

I've noticed in several different industries that run ATMs or PoS devices on Windows-based systems that their administrators seem to perceive these devices differently, as they would a laptop. Evidently, they seem to regard them as considerably more secure because they are not physically accessible to ordinary people (I hope you know what I mean in the case of ATMs) or used for general purpose computing (at least, not supposed to be). Like a laptop, these systems need to be locked down, and they need to be protected by more than just a signature-based product using technology invented over a decade ago. Below are older posts that make the rest of my point:

http://www.blueridgenetworks.com/securitynowblog/endpoint_security/signature-based-antivirus-and-hips-technologies-poor-endpoint-protection

http://www.blueridgenetworks.com/securitynowblog/endpoint_security/secunia_report_signature-based_antivirus_misses_most_unknown_malware

Insurance giant coughs to malware-related data breach

Eirik Iverson

Any Breach Found is Only Tip of Iceberg

So somebody finds malware on a PC known for stealing information and for possessing some sophistication for multiple attack vectors and remote controls. Determining what damage has been done is a staggering challenge. I opined on it some in this blog post below:

PC Malware Driven Security Breach Disclosures—A Case of Worms http://www.securitynowblog.com/endpoint_security/pc-malware-costly-security-breach-disclosures

Cheers,

Eirik

Cambridge hospital cleans up after mystery malware infection

Eirik Iverson

Doctor's Offices

Whenever I'm in a doctor's office or some other medical facility, I'm now in the habit of looking at their information technology. This usually results in my dwelling more on their lack of security than my case of the flu, re-injured knee, or whatever brought me there.

My last visit left me alone in a room for about half an hour with a WinXP machine hanging from a wall. Later, when someone arrived to use it, I was quite distracted while talking with her as I kept thinking how easily one could compromise the records of everyone associated with their practice.

Unpatched PowerPoint flaw spawns Trojan attacks

Eirik Iverson

Another Week, Another Exploit

Any software running on a PC that consumes files or communications from the outside world, even from trusted friends and colleagues, is a target. Every PC needs two forms of protection. One is the old familiar Anti-Virus/Spyware software that stops known viruses, worms, Trojans, and other malware. The other tool is needed to stop the unknown or zero-day malware.

I've opined before, so... "Your Software Applications Cannot be Trusted":

http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal

How many weeks ago was Excel similarly in the news?

http://www.securitynowblog.com/endpoint_security/documents-from-known-people-may-infect-pc-malware

Cheers,

Eirik

New DNS trojan taints entire LAN from single box

Eirik Iverson

Protect the PCs Better

I'm not much of a network wonk anymore. I'm into endpoint security issues these days. So, in addition to the network remedies suggested above (oh and I would like to see digitally signed DNS), we need to do a better job of protecting PCs, which are far too vulnerable with their typical defenses. I seem to rant a lot about this on www.securitynowblog.com. If interested, a couple of posts:

We cannot trust the software that runs on our PCs: http://www.securitynowblog.com/endpoint_security/computer-software-hijacked-malware-attack-steal

And this one about signature-based defense limitations:

http://www.securitynowblog.com/endpoint_security/secunia_report_signature-based_antivirus_misses_most_unknown_malware

In smaller organizations, PCs are disturbingly vulnerable.

- Eirik

Card-sniffing trojans target Diebold ATM software

Eirik Iverson

More Info Would be Nice

I'm curious about the operating system(s) used for these ATMs and what privileges the typical technicians have on them. With such relatively static configurations, it would seem quite straightforward to lock these machines down and perform regular audits to counter these risks, even if the techs have admin rights.

Eirik Iverson

http://www.blueridgenetworks.com/products/edgeguard.htm