1 Introduction

The purpose of this document is to analyze the security of the information system (Trading System) presented in the paper [1]. During this analysis, we follow the steps of the security risk management process: identification of assets and their context, possible security objectives (confidentiality, integrity, and availability of assets), risk assessment (cost, likelihood, impact, etc.), determination and prioritization of security requirements on the system, and proposal of selected security requirements and controls to be implemented in the system. We do this in two iterations.

At the very end, we assess and give arguments as to whether the system (with the implemented security controls) is reasonable.

2 Description of the System

2.1 Parties

Table 1. Stakeholders and their goals

| Stakeholder | Goal |
|---|---|
| Cashier | Process sale (scan the goods using the Bar Code Scanner or insert them manually using the Cash Desk PC, receive payment from the customer by either credit card or cash, print receipt) |
| Customer | Get purchased goods (pay for the goods using either credit card or cash, get a receipt for the payment) |
| Store Manager | Manage inventory (order products, change prices, view inventory reports) |
| Stock Manager | Receive/decline ordered products |
| Enterprise Manager | View delivery reports |
| Supplier | Sell goods, receive product orders |

2.2 Business assets

Table 2. Business assets, their value and security criterion

| ID | Business asset | Value | Security criterion |
|---|---|---|---|
| BA_01 | List of completed sales | Ability to generate reports, long-term inventory planning, planning the sales strategy | Confidentiality of completed sales, integrity of stored sale records, availability of sale records for strategic planning |
| BA_02 | Process of managing express checkouts | Increased customer throughput | Integrity of the mechanism to switch into express checkout mode, availability of the express checkout mode |
| BA_03 | Card payment process | Accurate and trustworthy payment (automatic calculation by the Trading System, verification of the available funds of the customer, authentication of the customer when entering the PIN code, electronic payment transaction) | Confidentiality of the payment process, integrity of the payment details and accounts during the transaction, availability of the card payment service |
| BA_04 | Inventory reports | Real-time inventory tracking and reports, statistics about the store | Integrity of the information about the goods (and their amounts) stored in the inventory, availability of the inventory data (goods and their details) |
| BA_05 | Product exchange process among stores | Efficient enterprise inventory management, faster delivery | Integrity of the heuristics determining the deliveries, integrity of the data retrieved about the Store servers through the synchronization process, availability of the Store servers |
| BA_06 | Synchronization of Stores and Enterprise Server | Central and up-to-date Enterprise inventory | Availability of the Store servers and Enterprise server, integrity of sent and received Store inventory data |
| BA_07 | Suppliers list | Ability to choose suppliers to order products from | Integrity of the suppliers list, availability of the suppliers list |
| BA_08 | Product list | Ability to choose different products from different suppliers | Integrity of the product list, confidentiality of the product list, availability of the product list |
| BA_09 | Receive ordered products process | Complete and correct delivery | Integrity of the product orders and of the received ordered products |
| BA_10 | Inventory management | Ability to change and view details of the goods in the inventory (e.g. price, quantity), ordering products to keep a sufficient amount of goods in the inventory | Availability and integrity of the information describing the inventory status |
| BA_11 | Delivery reports | Statistics about the enterprise, generating reports | Integrity of the statistics about the enterprise |
| BA_12 | Sale process | Selling goods and receiving money, as fast and accurate as possible (profit) | Availability of the sale process (Cash Desk and Store server up and running), integrity of the payment details |
| BA_13 | Barcode | Identify items | Integrity of the statistics |
| BA_14 | Cash payment process | Accurate payment with authentic and valid money | Availability of the cash payment process, integrity of the payment |

2.3 Information System (IS) assets

Table 3. Information System assets

| ID | IS asset | How does it support business assets? |
|---|---|---|
| ISA_01 | Store server | Stores sales, stock items, orders (BA_01, BA_04, BA_06, BA_09, BA_10) |
| ISA_02 | Enterprise server | Product and supplier list, also inventory information about the different Stores (BA_05 - BA_08, BA_11) |
| ISA_03 | Store client | Provides the environment to carry out the different processes (BA_04, BA_09, BA_10) |
| ISA_04 | Enterprise client | Generate delivery report (BA_11) |
| ISA_05 | Cash desk PC | Wires all the Cash Desk components together; the software responsible for handling the sale process and for the communication with the Bank runs on this machine (BA_03, BA_12) |
| ISA_06 | Bar Code Scanner | Identify item (BA_12, BA_13) |
| ISA_07 | Card Reader | Card payment (BA_03, BA_12) |
| ISA_08 | Cash Box | Starts and finishes the sale, initiates card payment, registers the purchase (BA_02, BA_03, BA_12, BA_14) |
| ISA_09 | Printer | Prints receipt (BA_12) |
| ISA_10 | Light Display | Indicates Express Checkout mode (BA_03) |
| ISA_11 | Ethernet network | Provides the means to communicate between parties (servers, Bank, card reader, clients, Cash Desk PC, Supplier IS) (BA_02, BA_03, BA_05, BA_06, BA_09 - BA_12) |
| ISA_12 | Store Manager | Order products (BA_10) |
| ISA_13 | Stock Manager | Receive ordered products (BA_09) |
| ISA_14 | Express Cash Desk Algorithm | Turns on Express Checkout Mode (BA_02) |
| ISA_15 | Product Exchange algorithm | Manages low stock in a Store (BA_05) |
| ISA_16 | Software responsible for handling the sale process / communication with the Bank | Responsible for handling the sale process and the communication with the Bank (BA_03, BA_12) |

2.4 Relationship between IS assets and business assets

The relationship between IS assets and business assets is presented in Table 4. The mark "X" indicates that the corresponding IS asset supports the corresponding business asset. More details are given in Tables 2 and 3.

Table 4. Relationship between business assets and IS assets.

| IS asset | BA_01 | BA_02 | BA_03 | BA_04 | BA_05 | BA_06 | BA_07 | BA_08 | BA_09 | BA_10 | BA_11 | BA_12 | BA_13 | BA_14 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ISA_01 | X |   |   | X |   | X |   |   | X | X |   |   |   |   |
| ISA_02 |   |   |   |   | X | X | X | X |   |   | X |   |   |   |
| ISA_03 |   |   |   | X |   |   |   |   | X | X |   |   |   |   |
| ISA_04 |   |   |   |   |   |   |   |   |   |   | X |   |   |   |
| ISA_05 |   |   | X |   |   |   |   |   |   |   |   | X |   |   |
| ISA_06 |   |   |   |   |   |   |   |   |   |   |   | X | X |   |
| ISA_07 |   |   | X |   |   |   |   |   |   |   |   | X |   |   |
| ISA_08 |   | X | X |   |   |   |   |   |   |   |   | X |   | X |
| ISA_09 |   |   |   |   |   |   |   |   |   |   |   | X |   |   |
| ISA_10 |   |   | X |   |   |   |   |   |   |   |   |   |   |   |
| ISA_11 |   | X | X |   | X | X |   |   | X | X | X | X |   |   |
| ISA_12 |   |   |   |   |   |   |   |   |   | X |   |   |   |   |
| ISA_13 |   |   |   |   |   |   |   |   | X |   |   |   |   |   |
| ISA_14 |   | X |   |   |   |   |   |   |   |   |   |   |   |   |
| ISA_15 |   |   |   |   | X |   |   |   |   |   |   |   |   |   |
| ISA_16 |   |   | X |   |   |   |   |   |   |   |   | X |   |   |


3 System Analysis – First Iteration

The system security analysis is focused on the organization's Store systems. The Enterprise Server and the communication with the Store servers are left out of scope. During this analysis, risks are identified, highlighting the asset-related, risk-related, and risk-treatment-related concepts. Each risk also includes a quantitative assessment.

3.1 Identified risks

3.1.1 Risk 1 – Changing barcode

Asset-related concepts

Business asset: Sale process
IS asset: Barcode
Security criterion: Integrity of the sale process

Risk-related concepts

Risk: An attacker pays less than the original value for a product because the product's barcode can be altered, leading to loss of integrity of the barcode
Impact: Loss of integrity of the barcode
Event: The attacker replaces the product's barcode with the barcode of a cheaper product and pays less than the original value for the product
Vulnerability: The product's barcode can be altered
Threat: An attacker pays less than the original value for a product
Threat agent: Attacker with the means to create a barcode
Attack method: The attacker creates a barcode of a cheaper product and replaces the original barcode with it

Risk treatment-related concepts

Risk treatment decision: Acceptance
Security requirement: -
Control: -

ASSET VALUE

| Asset | Value |
|---|---|
| Barcode | Depending on the price of the product |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 2 | 0 | 2 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 1 – unlikely, not a common attack (a lot of work for little gain) | 3 – the barcode is not protected in any way | 3 | 2 | 6 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk acceptance | - | 3 | 6 | 0 | €0 |

Return on Security Investment (ROSI):

- The ROSI cannot be calculated as the risk exposure is hard to quantify.


3.1.2 Risk 2 – Paying with counterfeit money

Asset-related concepts

Business asset: Sales process
IS asset: Cash Box
Security criterion: Integrity of the sales process

Risk-related concepts

Risk: A person pays with counterfeit money because the banknote's authenticity is not checked
Impact: Loss of integrity of the sales process
Event: A person pays with counterfeit money because the banknote's authenticity is not checked
Vulnerability: The banknote's authenticity is not checked
Threat: A person paying with counterfeit banknotes
Threat agent: A person with the skills and knowledge to produce counterfeit money
Attack method: Counterfeit banknotes

Risk treatment-related concepts

Risk treatment decision: Risk reduction
Security requirement: All Cash Desks must be equipped with a banknote authenticity checker, and cashiers have monetary responsibility for the authenticity of the banknotes they accept.
Control: Banknote authenticity checker

ASSET VALUE

| Asset | Value |
|---|---|
| Cash payment process | €25000¹ x 200 stores x 365 days x 50% cash payments = €912,5 million |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 0 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 1 – unlikely due to the security measures built into a banknote | 2 – no specific measures for checking authenticity | 2 | 3 | 6 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | Banknote authenticity checker | 0 | 0 | 6 | 200 stores x 8 cash desks/store x €99² = €154800 |

Return on Security Investment (ROSI):

- Risk exposure = €912,5 million
- Risk mitigated = Risk reduction / Risk level = 6 / 6
- Solution cost = €154800
- ROSI = 589370%

¹ http://www.epl.ee/news/eesti/pirita-selverile-tehti-taas-pommiahvardus.d?id=50831000
² http://www.byroomaailm.ee/index.php?page=shop.product_details&flypage=flypage.tpl&product_id=25513&category_id=317256&vmcchk=1&option=com_virtuemart&Itemid=1


3.1.3 Risk 3 – Multiple insertion into system

Asset-related concepts

Business asset: Sale process
IS asset: Cash box
Security criterion: Integrity of the sale process

Risk-related concepts

Risk: The cashier enters some of the products bought by the customer into the cash box more times than there are actual items, as the customer has no overview of the products the cashier enters into the cash box, leading to loss of integrity of a sale and harming the store's reputation
Impact: Loss of integrity of the sale
Event: The cashier enters some of the products bought by the customer into the cash box more times than there are actual items, as the customer has no overview of the products the cashier enters into the cash box
Vulnerability: The customer has no overview of the products entered by the cashier before receiving the receipt
Threat: The cashier enters some of the products bought by the customer into the cash box more times than there are actual items
Threat agent: Employee of the store who wants to increase the sales done by him/her
Attack method: Theft of money

Risk treatment-related concepts

Risk treatment decision: Risk reduction
Security requirement: The customer will have an overview of the items entered into the cash box
Control: A small screen showing the current item entered, the amount and the price will be displayed so that the customer can see it

ASSET VALUE

| Asset | Value |
|---|---|
| Sale process | Depending on the price of the product (€0,01 – €1000 approx.) and the number of occurrences of the attack |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 0 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 2 – Possible, as some cashiers may want to have a surplus in their cash box | 1 – The customer can check the amounts on the receipt, but this is usually not done | 2 | 3 | 6 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | Customer to have an overview of the items entered into the cash box | 0 | 3 | 3 | 200 stores x 8 cash desks x €149³ = €238400 |

Return on Security Investment (ROSI):

- Risk exposure = €100000
- Risk mitigated = Risk reduction / Risk level = 3 / 6
- Solution cost = €238400
- ROSI = -79%

³ http://hlt.ee/tooted/kliendinaidik


3.1.4 Risk 4 – Infecting Cash Desk PC with malware

Asset-related concepts

Business asset: Sale process
IS asset: Cash Desk PC
Security criterion:
- Availability of the sale process
- Integrity of the data exchanged during the sale process
- Confidentiality of the data being handled using the Cash Desk PC
Also some other information that is not presented in the paper.

Risk-related concepts

Risk: A malicious person having (possibly unauthorized) access to the Cash Desk PC infects the PC with malware, which leads to unavailability of the sale process and/or a loss of integrity and confidentiality of the data exchanged during the sale process
Impact: A Store PC infected with malware may become non-operational or exploited, which leads to:
- A loss of availability of the sale process.
If the attacker already has access to the PC, then also:
- A loss of integrity of the data exchanged during the sale process
- A loss of confidentiality of the data exchanged during the sale process
Event: One (or more) Store PCs get infected with malware
Vulnerability:
- Unauthorized personnel can access the Cash Desk PC
- The Cash Desk PC is not equipped with anti-malware software
Threat: The Cash Desk PC gets infected by malware
Threat agent: Anyone with bad intentions and access to the Store Cash Desk PC, also with the knowledge and means to plant the malware on the PC (e.g. using a malware-infected USB device)
Attack method: Infecting the Cash Desk PC with malware, which can spread to all the Store PCs over the internal network. The malware can cause damage and/or modify/collect data

Risk treatment-related concepts

Risk treatment decision: (a) Risk reduction; (b) Risk reduction; (c) Risk retention
Security requirement: (a) All the Store PCs should be equipped with proper anti-malware software; (b) All the Store PCs should use appropriate authentication methods; (c) -
Control: (a) Installing anti-malware software on every PC; (b) A more secure authentication method (combination), e.g. ID-card; (c) The insurance covers the loss

ASSET VALUE

| Asset | Value |
|---|---|
| Sale process | €25000 x 200 stores x 365 days = €1,825 billion |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 2 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 1 – unlikely that the Cash Desk PC is left unattended | 3 – the possible harm is very big | 3 | 3 | 9 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | Anti-malware software | 2 | 6 | 3 | €250000 (enterprise version, installation) |
| Risk reduction | Access to the PC only with ID-card | 2 | 6 | 3 | €100000 (architecture, installation) |

Return on Security Investment (ROSI):

Anti-malware software
- Risk exposure = €1,825 billion
- Risk mitigated = Risk reduction / Risk level = 3 / 9
- Solution cost = €2500000
- ROSI = 243233%

Access to the PC only with ID-card
- Risk exposure = €1,825 billion
- Risk mitigated = Risk reduction / Risk level = 3 / 9
- Solution cost = €100000
- ROSI = 608233%


3.1.5 Risk 5 – Paying with stolen card

Asset-related concepts

Business asset: Card payment process
IS asset: Card Reader
Security criterion: Integrity of the card payment process

Risk-related concepts

Risk: An attacker pays with a stolen bank card using a flaw in the PIN verification protocol⁴, leading to loss of store reputation, loss of the card owner's money and loss of integrity of the card payment process
Impact: Loss of store reputation, loss of the card owner's money
Event: An attacker pays with a stolen bank card using a flaw in the PIN verification protocol
Vulnerability: A flaw in the PIN verification protocol
Threat: An attacker paying with a stolen bank card
Threat agent: An attacker with a special rig and a stolen bank card
Attack method: Man-in-the-middle device

Risk treatment-related concepts

Risk treatment decision: (a) Risk acceptance; (b) Risk avoidance
Security requirement: (a) -; (b) No card payments allowed
Control: (a) -; (b) No card payments allowed

⁴ http://www.cl.cam.ac.uk/~sjm217/papers/oakland10chipbroken.pdf

ASSET VALUE

| Asset | Value |
|---|---|
| Card payment process | €25000 x 200 stores x 365 days x 50% cash payments = €912,5 million |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 3 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 1 – requires extensive knowledge and a special rig | 3 – very hard to discover and can cause a lot of harm | 3 | 3 | 9 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk acceptance | - | 3 | 9 | 0 | €0 |
| Risk avoidance | No card payments allowed | 0 | 0 | 9 | €912,5 million (loss in revenue from card payments) |

Return on Security Investment (ROSI):

- ROSI will not be calculated as there is no return on investment.


3.1.6 Risk 6 – PIN code logger

Asset-related concepts

Business asset: Card payment process
IS asset: Card reader
Security criterion: Confidentiality of the card payment process

Risk-related concepts

Risk: An attacker places a key logger on top of the buttons of the card reader while it is left unattended and gets to know the PIN codes of the customers, leading to loss of confidentiality of the card payment process and harming the store's reputation
Impact: Loss of confidentiality of the card payment process
Event: An attacker places a key logger on top of the buttons of the card reader while it is left unattended and gets to know the PIN codes of the customers
Vulnerability: The card reader buttons are not checked, and once in a while the readers are left unattended
Threat: An attacker places a key logger on top of the buttons of the card reader and gets to know the PIN codes of the customers
Threat agent: Anyone who has knowledge about key loggers and access to the card readers used in the stores
Attack method: Man-in-the-middle device

Risk treatment-related concepts

Risk treatment decision: Risk reduction
Security requirement: The card reader will not be left unattended in a public space
Control: Working procedure requiring the card readers to be placed into a lock box when the cash desk is left unattended by the employee

ASSET VALUE

| Asset | Value |
|---|---|
| Card payment process | This can lead to customers losing money and to the company losing part of its customers, and therefore revenue, because of the loss of reputation once the news comes out. For example, given that the daily revenue is €25000 and 30% of the customers are lost for the year, the value could be €25000 x 365 days x 200 stores x 0,3 = €547,5 million |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 3 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 2 – Can happen, because this attack has been quite frequent in some cases | 2 – Very high, there are no security measures in place | 3 | 3 | 9 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | The card reader will not be left unattended in a public space | 0 | 3 | 6 | 200 stores x 8 cash desks x €34⁵ = €54400 |

Return on Security Investment (ROSI):

- Risk exposure = €547,5 million
- Risk mitigated = Risk reduction / Risk level = 3 / 9
- Solution cost = €54400
- ROSI = 335400%

⁵ http://www.on24.ee/kodu/varia_k/seifid_rahalaekad_votmekapid/20163


3.1.7 Risk 7 – Logger in internal network

Asset-related concepts

Business asset: List of completed sales, inventory reports, suppliers list, product list, delivery reports
IS asset: Ethernet network
Security criterion: Confidentiality of data

Risk-related concepts

Risk: An attacker places a device into the intranet because he has access to an Ethernet wall socket, which leads to loss of confidentiality of data
Impact: Loss of confidentiality of data
Event: An attacker places a device into the intranet because he has access to an Ethernet wall socket
Vulnerability: Access to an Ethernet wall socket
Threat: An attacker places a device into the intranet
Threat agent: An attacker with a hardware network traffic sniffer
Attack method: Man-in-the-middle device

Risk treatment-related concepts

Risk treatment decision: (a) Risk avoidance; (b) Risk reduction
Security requirement: (a) No public Ethernet wall sockets; (b) All devices must authenticate themselves before gaining access to the intranet.
Control: (a) No public Ethernet wall sockets; (b) Intranet authentication

ASSET VALUE

| Asset | Value |
|---|---|
| List of completed sales, inventory reports, suppliers list, product list, delivery reports | €4,9 million⁶ |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 2 | 3 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 1 – Ethernet sockets are usually not in random places, and a special device is required | 2 – hard to detect, easily planted | 2 | 2 | 4 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | All devices must authenticate themselves before gaining access to the intranet. | 1 | 2 | 2 | €100000 |
| Risk avoidance | No public Ethernet wall sockets | 0 | 0 | 4 | €0 |

Return on Security Investment (ROSI):

- Risk exposure = €4,9 million
- Risk mitigated = Risk reduction / Risk level = 2 / 4
- Solution cost = €100000
- ROSI = 2350%

⁶ http://www.pwc.com/en_US/us/increasing-it-effectiveness/assets/data_loss_prevention.pdf


3.1.8 Risk 8 – Intercept communication

Asset-related concepts

Business asset: Inventory data
IS asset: Store Client (which has access to the Store Server)
Security criterion:
- Confidentiality of the data exchanged
- Integrity of the data being exchanged
Also some other information that is not presented in the paper (e.g. user credentials used to access the Store Server)

Risk-related concepts

Risk: A hacker uses tools to intercept the unencrypted communication between Store Client and Server, which results in a loss of confidentiality of inventory data
Impact:
- A loss of confidentiality of inventory data
- A loss of integrity of inventory data
Event: A hacker intercepts the data exchanged over an insecure remote connection between Store Client and Server
Vulnerability: Unencrypted communication between Store Client and Server when using Java RMI (Remote Method Invocation)⁷
Threat: A hacker who has the tools and knowledge to intercept the communication between the Client and Server
Threat agent: A hacker connected to the network (i.e. needs to be connected to the internal network), acting as an intermediate node and having proper tools which can collect and analyze the messages sent and received
Attack method: Intercepting (and possibly altering) the data exchanged between Store Client and Server

Risk treatment-related concepts

Risk treatment decision: Risk reduction
Security requirement: An appropriate connection or channel between Store Client and Server should be used
Control:
- SSH tunneling for Java RMI (Figure 3)
- RMI over SSL (more expensive/complex when dealing with X.509 certificates)

⁷ http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136424.html

ASSET VALUE

| Asset | Value |
|---|---|
| Inventory data (list of completed sales) | €1 million |

MEASURING ASSET

| Security need for availability | Security need for confidentiality | Security need for integrity |
|---|---|---|
| 3 | 1 | 3 |

MEASURING RISK

| Threat likelihood | Level of vulnerability | Potentiality (likelihood + vulnerability level – 1) | Impact | Risk level |
|---|---|---|---|---|
| 2 – not a very rare attack, the technical level is not too high | 2 – no effective security measures in place | 3 | 3 | 9 |

MEASURING RISK TREATMENT

| Risk treatment | Security requirement | New vulnerability level | New risk level | Risk reduction | Cost |
|---|---|---|---|---|---|
| Risk reduction | SSH tunneling | 1 | 6 | 3 | €40000 (SSH client free, installation cost) |
| Risk reduction | RMI over SSL | 1 | 6 | 3 | €1000000 (architecture, installation) |

Return on Security Investment (ROSI):

SSH tunneling
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 3 / 9
- Solution cost = €40000
- ROSI = 733%

RMI over SSL
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 3 / 9
- Solution cost = €1000000
- ROSI = -66%
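The risk tables in this section all apply the same arithmetic: potentiality = threat likelihood + vulnerability level – 1, risk level = potentiality x impact, and ROSI = (risk exposure x risk mitigated – solution cost) / solution cost. The following Python script is an added example (not part of the original analysis) that applies that method to the records transcribed from Risks 2, 3, 7 and 8 and ranks the proposed controls by ROSI; the `prioritize` and `worthwhile` helpers are my own additions.

```python
"""Risk level and ROSI calculator for the method used in this analysis:
potentiality = threat likelihood + vulnerability level - 1,
risk level = potentiality x impact,
ROSI = (risk exposure x risk mitigated - solution cost) / solution cost,
where risk mitigated = risk reduction / risk level.
Added example; the records are transcribed from the risk tables in section 3.1."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Treatment:
    name: str                # proposed control
    new_vulnerability: int   # vulnerability level after the control (0..3)
    cost: float              # solution cost in EUR


@dataclass(frozen=True)
class Risk:
    name: str
    likelihood: int          # threat likelihood (1..3)
    vulnerability: int       # level of vulnerability (1..3)
    impact: int              # impact (1..3)
    exposure: float          # risk exposure in EUR (the asset value used in the tables)
    treatments: tuple        # Treatment options considered for this risk


def potentiality(likelihood: int, vulnerability: int) -> int:
    # A vulnerability level of 0 (the control removes the weakness) gives
    # likelihood - 1, so a risk with likelihood 2 keeps a residual potentiality of 1.
    return max(likelihood + vulnerability - 1, 0)


def risk_level(risk: Risk) -> int:
    return potentiality(risk.likelihood, risk.vulnerability) * risk.impact


def new_risk_level(risk: Risk, treatment: Treatment) -> int:
    # Only the vulnerability level changes; likelihood and impact stay as assessed.
    return potentiality(risk.likelihood, treatment.new_vulnerability) * risk.impact


def risk_reduction(risk: Risk, treatment: Treatment) -> int:
    return risk_level(risk) - new_risk_level(risk, treatment)


def rosi_percent(risk: Risk, treatment: Treatment) -> float:
    """ROSI in percent; negative means the control costs more than the risk it removes."""
    mitigated = risk_reduction(risk, treatment) / risk_level(risk)
    return (risk.exposure * mitigated - treatment.cost) / treatment.cost * 100.0


# Transcribed from Risks 2, 3, 7 and 8 (likelihood, vulnerability, impact, exposure).
RISKS = (
    Risk("Risk 2 - counterfeit money", 1, 2, 3, 912.5e6,
         (Treatment("banknote authenticity checker", 0, 154_800),)),
    Risk("Risk 3 - multiple insertion", 2, 1, 3, 100_000,
         (Treatment("customer display", 0, 238_400),)),
    Risk("Risk 7 - logger in internal network", 1, 2, 2, 4.9e6,
         (Treatment("intranet authentication", 1, 100_000),)),
    Risk("Risk 8 - intercept communication", 2, 2, 3, 1e6,
         (Treatment("SSH tunneling for Java RMI", 1, 40_000),
          Treatment("RMI over SSL", 1, 1_000_000))),
)


def prioritize(risks=RISKS) -> list:
    """Rank every (risk, control) pair by ROSI, highest first, as input to the
    prioritization of security requirements described in the introduction."""
    rows = []
    for risk in risks:
        for t in risk.treatments:
            rows.append((risk.name, t.name, risk_level(risk),
                         new_risk_level(risk, t), round(rosi_percent(risk, t))))
    return sorted(rows, key=lambda row: row[4], reverse=True)


def worthwhile(risks=RISKS) -> list:
    """Controls with positive ROSI, i.e. those worth implementing on this metric alone."""
    return [row for row in prioritize(risks) if row[4] > 0]


if __name__ == "__main__":
    for name, control, level, new_level, rosi in prioritize():
        print(f"{name:40} {control:32} risk {level} -> {new_level}  ROSI {rosi:>8}%")
```

The ranking reproduces the ROSI values stated in the tables (589370%, 2350%, 733%, about -67% and -79%) and shows that the two controls with negative ROSI are the customer display and RMI over SSL.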

3.1.9 Risk 9 – Intrusion to the Store Server

Asset-related concepts

Asset
- Business asset: Inventory data
- IS asset: Store Server

Security criterion
- Availability of the inventory data
- Integrity of the inventory data
- Confidentiality of the inventory data
Also some other information that is not presented in the paper (e.g. login credentials).

Risk-related concepts

Risk: An attacker makes an intrusion into the Store Server using loopholes in the system (open port, weak username/password, and root login allowed), which leads to a loss of confidentiality, integrity, and availability of inventory data.

Impact: A loss of confidentiality, integrity, and availability of inventory data.

Event: An attacker gets access to the Store Server using possible loopholes in the system (open port, weak username/password, and root login allowed).

Vulnerability
- Open ports
- Weak username/password
- Root login allowed

Threat: An attacker who can make an intrusion into the Store Server in order to get (unauthorized) access to the inventory (or other data).

Threat agent: An attacker with appropriate tools and motivation to perform an intrusion into the Store Server.

Attack method
- Listening at ports (possibly some services which may open the door for attackers from the outside world);
- Using brute-force account login (more easily if root login is enabled)

Risk treatment-related concepts

Risk treatment decision: Risk reduction (for each of the four security requirements below)

Security requirement -> Control
1. The system should allow access only with appropriate privileges -> An ACL (Access Control List) needs to be specified in the system.
2. Username and password should have appropriate complexity -> The password a user logs in with has to have at least 6 characters with a mixture of 3 out of 4 character classes: numbers [0-9], uppercase letters [A-Z], lowercase letters [a-z], and symbols.
3. The system should run only the services that are needed. -> Do not allow installing services which are not needed and may open a door for an attacker.
4. The system needs to handle incoming requests -> Proxy server equipped with a firewall


ASSET VALUE
Asset: Inventory data
Value: €1 million

MEASURING ASSET
Security need for availability: 3
Security need for confidentiality: 1
Security need for integrity: 3

MEASURING RISK
Threat likelihood: 2 – can happen, but still technical skills needed
Level of vulnerability: 3 – very many loopholes
Potentiality (likelihood + vulnerability level – 1): 4
Impact: 3
RISK LEVEL: 12

MEASURING RISK TREATMENT (risk treatment decision for all four: Risk reduction)
Security requirement                               New vuln. level  New risk level  Risk reduction  Cost
Run only the server services which are needed      2                9               3               €4000 (Sys. admin)
Username and password with appropriate strength    2                9               3               €4000 (Sys. admin)
Proxy server with firewall                         1                6               6               €1000000 (architecture, installment)
ACL lists                                          2                9               3               €10000 (Sys. admin, architecture, user list)

Return on Security Investment (ROSI):

ACL
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 3 / 12 = 1 / 4
- Solution cost = €10000
- ROSI = 2400%

Username and password with appropriate strength
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 3 / 12 = 1 / 4
- Solution cost = €4000
- ROSI = 6150%

Run only the server services which are needed
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 3 / 12 = 1 / 4
- Solution cost = €4000
- ROSI = 6150%

Proxy server with firewall
- Risk exposure = €1 million
- Risk mitigated = Risk reduction / Risk level = 6 / 12 = 1 / 2
- Solution cost = €1000000
- ROSI = -50%
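The risk-level and ROSI arithmetic used in the Risk 8 and Risk 9 measurement tables above, as an added worked example (not part of the original report): it recomputes each treatment's new risk level, risk reduction and ROSI from the table inputs, so the figures can be checked and the same method applied to other treatments.

```python
from dataclasses import dataclass

def potentiality(likelihood: int, vulnerability: int) -> int:
    """Potentiality = threat likelihood + vulnerability level - 1 (the report's formula)."""
    return likelihood + vulnerability - 1

def risk_level(likelihood: int, vulnerability: int, impact: int) -> int:
    """Risk level = potentiality x impact (Risk 8: (2 + 2 - 1) x 3 = 9)."""
    return potentiality(likelihood, vulnerability) * impact

@dataclass
class Treatment:
    name: str
    new_vulnerability: int  # vulnerability level once the control is in place
    cost: float             # solution cost in EUR

def rosi_percent(exposure: float, reduction: int, level: int, cost: float) -> int:
    """ROSI = (risk exposure x risk mitigated - cost) / cost in percent,
    risk mitigated = risk reduction / risk level. int() truncates toward zero,
    which reproduces the report's -66% for RMI over SSL (rounding would give -67%)."""
    mitigated_value = exposure * reduction / level
    return int((mitigated_value - cost) / cost * 100)

def evaluate(exposure, likelihood, vulnerability, impact, treatments):
    """Current risk level plus, per treatment, new level, risk reduction and ROSI."""
    level = risk_level(likelihood, vulnerability, impact)
    results = {}
    for t in treatments:
        new_level = risk_level(likelihood, t.new_vulnerability, impact)
        reduction = level - new_level
        results[t.name] = {"new_level": new_level, "reduction": reduction,
                           "rosi_pct": rosi_percent(exposure, reduction, level, t.cost)}
    return level, results

# Input values copied from the Risk 8 and Risk 9 measurement tables above.
RISK8 = dict(exposure=1_000_000, likelihood=2, vulnerability=2, impact=3)
RISK8_TREATMENTS = [Treatment("SSH tunneling", 1, 40_000),
                    Treatment("RMI over SSL", 1, 1_000_000)]
RISK9 = dict(exposure=1_000_000, likelihood=2, vulnerability=3, impact=3)
RISK9_TREATMENTS = [Treatment("Run only needed services", 2, 4_000),
                    Treatment("Strong username and password", 2, 4_000),
                    Treatment("Proxy server with firewall", 1, 1_000_000),
                    Treatment("ACL", 2, 10_000)]

if __name__ == "__main__":
    for risk, treatments in ((RISK8, RISK8_TREATMENTS), (RISK9, RISK9_TREATMENTS)):
        level, results = evaluate(treatments=treatments, **risk)
        print(f"risk level {level}: {results}")
```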


3.2 Security requirements and controls to be implemented

The security requirements and controls to be implemented were selected to address the main risks to the Cash Desk PC and Store Server (and also due to their high risk level).

Figure 1. Risk treatment prioritization

The figure above represents the prioritization basis and the choice of treatments to be implemented. The treatments with the lowest cost for the risks with the highest level were implemented. Risk 4 treatment 1 was also included, as using only treatment 2 was not seen as adequate. As we concentrated on the Cash Desk PC and Store Server, we decided not to implement controls for Risk 6.

3.2.1 Risk 4 – Infecting Cash Desk PC with malware

- Security requirements for Risk 4:
  - All the Store PCs should be equipped with proper anti-malware software
  - All the Store PCs should use appropriate authentication methods
- Controls chosen:
  - Installing anti-malware software on every PC
  - More secure authentication method: ID-card

[Figure 1 chart: "Risk level compared to treatment cost"; treatment cost (€0 to €3000000) plotted against risk level (3 to 13) for treatments R2T1, R3T1, R4T1, R4T2, R6T1, R7T1, R8T1, R8T2, R9T1, R9T2, R9T3 and R9T4.]


Figure 2. Current Cash Desk sale process

Figure 3. Vulnerabilities in current Cash Desk sale process


Figure 4. Current Cash Desk sale process with security controls in place

3.2.2 Risk 8 – Intercept communication

- Security requirement for Risk 8: An appropriate connection or channel between Store Client and Store Server should be used
- Control chosen: SSH tunneling for Java RMI


Figure 5. Current communication process between Store Client and Store Server.


Figure 6. Possible vulnerabilities (interception) of the current communication.


Figure 7. Current process with security controls (SSH encryption) in place.


3.2.3 Risk 9 – Intrusion to the Store Server

- Security requirements for Risk 9:
  - Username and password should have appropriate complexity
  - The system should run only the services that are needed.
- Controls chosen:
  - Do not allow installing services which are not needed and may open a door for an attacker.
  - The password a user logs in with has to have at least 6 characters with a mixture of 3 out of 4 character classes: numbers [0-9], uppercase letters [A-Z], lowercase letters [a-z], and symbols.
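A check for the password control chosen here (and listed in the Risk 9 treatment table above), as an added example rather than code from the report: at least 6 characters and at least 3 of the 4 classes numbers, uppercase, lowercase and symbols. The report does not define "symbol"; this example assumes ASCII punctuation, and counts whitespace toward the length but toward no class.

```python
import string

MIN_LENGTH = 6    # minimum length required by the control
MIN_CLASSES = 3   # at least 3 of the 4 character classes below
# Assumption (not stated in the report): a "symbol" is an ASCII punctuation
# character (string.punctuation); whitespace belongs to no class.

def character_classes(password: str) -> set:
    """Names of the character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.isdigit():
            classes.add("number")
        elif ch.isupper():
            classes.add("uppercase")
        elif ch.islower():
            classes.add("lowercase")
        elif ch in string.punctuation:
            classes.add("symbol")
    return classes

def check_password(password: str) -> list:
    """Policy violations for the given password; an empty list means it is accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} is below the minimum of {MIN_LENGTH}")
    found = character_classes(password)
    if len(found) < MIN_CLASSES:
        problems.append(f"only {len(found)} of 4 character classes used "
                        f"({', '.join(sorted(found)) or 'none'}); {MIN_CLASSES} required")
    return problems

if __name__ == "__main__":
    for candidate in ("Ab3$xy", "abc123", "Passw0rd", "Ab1"):  # constructed samples
        print(repr(candidate), "->", check_password(candidate) or "accepted")
```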

Figure 8. Current process of using store server

Figure 7. Intrusion to Store server


Figure 8. Current process of using store server, with controls implemented