Retail Location Security Complexities
Starter Question -
What is the most important / critical system in a foods department store?
Etienne Liebetrau - CISSP
Infrastructure Architect @Woolworths Holdings South Africa, Africa and Australia
Security Consultant
Technical Writer
Solution Deployment Contractor
Researcher
Firewall / UTM collector
Public Speaker – working on it!
The views and opinions expressed in this presentation are my personal ones based on experience in the field.
It is not sanctioned by any 3rd party customer or vendor.
Foods Retail Store Example – This is the visible part to customers
The actual store footprint – offices – stock rooms – Machine / Computer
Specific device types in physical zones:
• Stock Scanners
• Temp Probes
• Refrigeration Monitors
• Staff PC
• POS PED
• IOT Devices
• HVAC
• BMS
• CCTV
• POS & PEDS its own PCI Zone!
Specific device types in multiple zones:
• Shared infrastructure
• HVAC
• Lighting
• Fire suppression
• CCTV
• Proximity IOT
• WiFi Customer
• WiFi Staff
• WiFi Devices
LAN – Wired Network
Multiple LAN Points in RED – Public Zone points subject to being hijacked
LAN Points in Blue connect Wireless APs – Each SSID is a Target
Each Connected device increases your attack surface
Each device type increases your vulnerability / exploit potential
WiFi is great to connect devices but comes with containment issues
Signal Bleed
• Not all devices are equal
• Capability
• Security
• Vulnerability
• Remediation ability
• Manageability of devices
WiFi eliminates the need for access within the physical retail location. It defeats physical defences such as security gates & swipe card access controls
Required network access
Columns: Zone | LAN Access | Internet / SaaS Access | Cloud Access | 3rd Party | Auth
Stock management x PSK
POS x None / AD
Refrigeration x x x None
HVAC / BMS x x x None
IOT x x x x Basic
Customer x Customer
Staff x x x AD / BYOD
BackOffice x x x AD
Zones have different requirements
• Not all zones SHOULD communicate with one another
• Those that do require access to one another require integrity checking
• Network segmentation required – prevent lateral penetration
[Diagram: zones Stock, CUSTOMER, REF, POS, BO and IOT, with Internet, Cloud and HO / Corp]
Legacy Approach:
VLAN based segmentation
Using Existing ACLs on L3 switches
Fundamental problem:
By default networks allow traffic
Manual Blacklist
Manual White List
Policy Engines not geared for this
No integrity checking possible
L2,L3,L4 devices at best
Cloud and internet access is basic
ZScaler is awesome but does not address on premises requirements
Conditional Access Required
[Diagram: zones Stock, CUSTOMER, REF, POS, BO and IOT around an L7 Net core, with Internet, Cloud and HO / Corp]
Use a Firewall as your core
Advantages:
Automatic Blacklist
Zone Based White List
Inter-zone filtering
Clean traffic only - IPS
Advanced Routing
MPLS + Inet
Advanced Logging
Cloud Enablement
Inbound Remote access to a single zone
Drawbacks:
Cost
Complexity
Contemporary Approach
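The difference between the legacy and contemporary slides, as an added example that is not part of the original presentation: the same flows evaluated under default-allow ACLs with a manual blacklist and under a default-deny zone whitelist. Zone names follow the slides; the blacklist, whitelist, ports and sample flows are constructed assumptions.

```python
from itertools import permutations

# Zone names as used on the slides.
ZONES = ["Stock", "Customer", "REF", "POS", "BO", "IOT"]

# Legacy model (constructed): L3 switch ACLs. Traffic passes unless a
# manually maintained blacklist entry (src, dst, port) matches.
# A port of None means "any port".
LEGACY_BLACKLIST = [
    ("Customer", "POS", None),
    ("Customer", "BO", None),
    ("Customer", "Stock", None),
]

# Firewall-core model (constructed): default deny. A flow passes only if
# its zone pair is listed and the destination port is in the allowed set.
ZONE_WHITELIST = {
    ("POS", "HO/Corp"): {443},
    ("Stock", "HO/Corp"): {443},
    ("BO", "HO/Corp"): {443},
    ("BO", "Internet"): {443},
    ("BO", "Stock"): {443},
    ("REF", "Cloud"): {8883},
    ("IOT", "Cloud"): {8883},
    ("Customer", "Internet"): {80, 443},
}

# Constructed sample flows: (source zone, destination, destination port).
FLOWS = [
    ("POS", "HO/Corp", 443),
    ("Customer", "Internet", 443),
    ("Customer", "POS", 443),
    ("IOT", "POS", 445),            # nobody wrote a blacklist entry for IOT
    ("REF", "BO", 3389),
    ("BO", "Stock", 22),            # pair is listed, port is not
    ("Customer", "Customer", 445),  # client to client inside one zone
]


def legacy_allows(src, dst, port):
    """Default allow: only an explicit blacklist match drops the flow."""
    for b_src, b_dst, b_port in LEGACY_BLACKLIST:
        if (b_src, b_dst) == (src, dst) and b_port in (None, port):
            return False
    return True


def whitelist_allows(src, dst, port):
    """Default deny: the zone pair and the port must both be listed."""
    return port in ZONE_WHITELIST.get((src, dst), set())


def audit(flows):
    """Flows the legacy ACLs pass but the zone whitelist would drop."""
    return [f for f in flows if legacy_allows(*f) and not whitelist_allows(*f)]


def legacy_pair_open(src, dst):
    """A zone pair is open unless a blacklist entry blocks every port."""
    return (src, dst, None) not in LEGACY_BLACKLIST


def whitelist_pair_open(src, dst):
    """A zone pair is open only if it has at least one whitelisted port."""
    return bool(ZONE_WHITELIST.get((src, dst)))


def open_lateral_pairs(pair_open):
    """Ordered zone-to-zone pairs that can talk under the given model."""
    return [(s, d) for s, d in permutations(ZONES, 2) if pair_open(s, d)]


if __name__ == "__main__":
    for src, dst, port in audit(FLOWS):
        print(f"legacy passes, whitelist drops: {src} -> {dst}:{port}")
    print("lateral pairs open, legacy:   ",
          len(open_lateral_pairs(legacy_pair_open)))
    print("lateral pairs open, whitelist:",
          len(open_lateral_pairs(whitelist_pair_open)))
```

Every zone added under the legacy model is reachable from every other zone until someone writes the blacklist entries; under the whitelist it is reachable from none until a rule is added.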
Web filtering essential
• Performance – Limit unwanted traffic
• Security
• Liability
• Customer's kid uses your WiFi for porn
Basic Network protection
• Perimeter network is used in a distributed attack
• Your WiFi network allows client to client attacks on personal devices
Multiprotocol Support – It's not just Web
WhatsApp (IM uses HTTPS on TCP; Voice and Video use UDP)
Peer to Peer – Traffic Signature based blocking needed.
Prioritising of traffic
All available bandwidth will be used –
Starving essential traffic affects the Availability of systems (CIA)
Customer services prioritised over customer consumption
IPS – Advanced threat / C&C Botnet detection and prevention
VPN Capability is Key
MPLS cost reduction
Connectivity to Corporate
Connectivity to Cloud – ExpressRoute not viable for 500 sites
[Diagram: four sites, each labelled Stock, CUSTOMER, REF, POS, BO, IOT and L7 Net, linked to Internet, Cloud and HO / Corp]
Only 4 sites + HO 1 x Azure
Multi HO / DC – 2 min
Multi Cloud – 2 min
100+ Retail locations
Complexity becomes staggering
Manual BGP and OSPF not sustainable
Automation is essential
Orchestrated Firewall / SDWAN
What your WAN will look like soon
