EL
Uploaded byEtienne Liebetrau
PPTX, PDF38 views

Retail Location Security Complexities

The document discusses security complexities in retail food department stores, focusing on critical systems and network segmentation. It highlights the vulnerabilities introduced by various devices, particularly in wireless networks, and emphasizes the need for advanced network management and security measures. The presentation suggests transitioning to automation and orchestrated firewalls to enhance connectivity and protect against threats across multiple retail locations.

Internet
Related topics:
Cyber-Security

Embed presentation

Download to read offline
Retail Location Security Complexities Starter Question - What is the most important / critical system in foods department store? Etienne Liebetrau - CISSP Infrastructure Architect @Woolworths Holdings South Africa, Africa and Australia Security Consultant Technical Writer Solution Deployment Contractor Researcher Firewall / UTM collector Public Speaker – working on it! The views and opinions expressed in this presentation are my personal ones based on experience in the field. It is not sanctioned by any 3rd party customer or vendor.
Foods Retail Store Example – This is the visible part to customers
The actual store footprint – offices – stock rooms – Machine / Computer
• Stock Scanners • Temp Probes • Refrigeration Monitors • Staff PC • POS PED • IOT Devices • HVAC • BMS • CCTV • POS & PEDS its own PCI Zone! Specific device types in physical zones:
• Shared infrastructure • HVAC • Lighting • Fire suppression • CCTV • Proximity IOT • WiFi Customer • WiFi Staff • WiFi Devices Specific device types in multiple zones:
LAN – Wired Network Multiple LAN Points in RED – Public Zone points subject to being hijacked LAN Points in Blue connect Wireless Aps – Each SSID is a Target Each Connected device increases you attack surface Each device type increases your vulnerability / exploit potential
WiFi is great to connect devices but comes with containment issues Signal Bleed • Not all devices are equal • Capability • Security • Vulnerability • Remediation ability • Manageability of devices WiFi eliminates need for access within the physical retail location. Defeats physical defences such as security gates & swipe card access controls
Zone LAN Access Internet / SaaS Access Cloud Access 3Rd Party Auth Stock management x PSK POS x None / AD Refridgeration x x x None HVAC / BMS x x x None IOT x x x x Basic Customer x Customer Staff x x x AD / BYOD BackOffice x x x AD Zones have different requirements • Not all zones SHOULD communicate with one another • Those that do require access to one another require integrity checking • Network segmentation required – prevent lateral penetration Required network access
Stock CUTO MER REF POS BO IOT Internet Cloud HO / Corp Legacy Approach: VLAN based segmentation Using Existing ACLs on L3 switches Fundamental problem: By default networks allow traffic Manual Blacklist Manual White List Policy Engines not geared for this No integrity checking possible L2,L3,L4 devices at best Cloud and internet access is basic ZScaler is awesome but does not address on premises requirements Conditional Access Required
Stock CUTOM ER REF POS BO IOT Internet Cloud HO / Corp L7 Net Use a Firewall as your core Advantages: Automatic Blacklist Zone Based White List Inter-zone filtering Clean traffic only - IPS Advance Routing MPLS + Inet Advanced Logging Cloud Enablement Inbound Remote access to a single zone Drawbacks: Cost Complexity Contemporary Approach
Web filtering essential • Performance – Limit unwanted traffic • Security • Liability • Customer's kid uses you Wifi for porn Basic Network protection • Perimeter network is used ion distributed attack • Your Wifi network allows client to client attacks on personal devices Multiprotocol Support – It not just Web Whats App (IM uses HTTPS on TCP Voice and Video used UDP) Peer to Peer – Traffic Signature based blocking needed. Prioritising of traffic All available bandwidth will be used – Starving essential traffic affects the Availability of systems (CIA) Customer services prioritised over customer consumption IPS – Advanced threat / C&C Botnet detection and prevention VPN Capability is Key MPLS cost reduction Connectivity to Corporate Connectivity to Cloud – Express route not viable for 500 sites
St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et Internet Cloud HO / Corp Only 4 sites + HO 1 x Azure Multi HO / DC – 2 min Multi Cloud – 2 min 100+ Retail locations Complexity becomes staggering Manual BGP and OSPF not sustainable Automation is essential Orchestrated Firewall / SDWAN What your WAN will look like soon

More Related Content

PPTX
Access-control-system
byTechera Consultants
 
PDF
2012 12-04 --ncc_group_-_mobile_threat_war_room
byNCC Group
 
PPT
Podsystem io t_presentation2 0_design
bypodsystem1
 
PPTX
Essential Layers of IBM i Security: System-Access Security
byPrecisely
 
PPTX
Interactive Voice Response (IVR)
byTeckinfo Solutions Pvt. Ltd.
 
PDF
Presenting iPronto - F Leemans
bymfrancis
 
PDF
Addressing the Complexity of M2M Projects using Multi-Service Gateways and M2...
byEurotech
 
PPSX
Student track
byAOPL
 
Access-control-system
byTechera Consultants
 
2012 12-04 --ncc_group_-_mobile_threat_war_room
byNCC Group
 
Podsystem io t_presentation2 0_design
bypodsystem1
 
Essential Layers of IBM i Security: System-Access Security
byPrecisely
 
Interactive Voice Response (IVR)
byTeckinfo Solutions Pvt. Ltd.
 
Presenting iPronto - F Leemans
bymfrancis
 
Addressing the Complexity of M2M Projects using Multi-Service Gateways and M2...
byEurotech
 
Student track
byAOPL
 

What's hot

PPTX
Physical security-system
byTechera Consultants
 
PPTX
FACTS seminar ppt
byASHOK KUMAR PALAKI
 
PPT
The Good, the bad, and the ugly of Thin Client/Server Computing
byThe Integral Worm
 
PDF
Resume | Vijay Navgire
byVijay Νavgire
 
PDF
從傳統型IP cam走向智慧型IP cam
byHermesDDS
 
PPTX
How to Protect Against TDOS Attacks
byAlan Percy
 
PPTX
Cybersecurity: More than A DoD Issue
byRobert E Jones
 
PDF
How to Hack a Cryptographic Key
byIBM Security
 
PPTX
Netbiter solutions to m2m problems with ethernet and gprs 3g
bynetbiter
 
PPTX
Service Providers in Hyderabad
bySoosleInfotech
 
PPTX
Mobile Security for the Enterprise
byWill Adams
 
PPTX
Mobile Forensics
byprimeteacher32
 
PDF
The Unstoppable Demand for the All-Wireless Workplace
byAruba, a Hewlett Packard Enterprise company
 
PPT
My ppt
byArun Ramachandran
 
PPTX
Sensor Guard Point Net Short presentation
byEdward vd Berg
 
PDF
8 WAYS TO PROTECT THE DATA IN YOUR OFFICE: #3 Trust in your office solutions
byCanon Business CEE
 
PPTX
IoT Security: Debunking the "We Aren't THAT Connected" Myth
bySecurity Innovation
 
PDF
7_16_BrivoOnAir_Datasheet
byAgnes Sokol
 
ODP
Thin Client Overview
byAlex Little
 
PPT
Access control basics-2
bygrantlerc
 
Physical security-system
byTechera Consultants
 
FACTS seminar ppt
byASHOK KUMAR PALAKI
 
The Good, the bad, and the ugly of Thin Client/Server Computing
byThe Integral Worm
 
Resume | Vijay Navgire
byVijay Νavgire
 
從傳統型IP cam走向智慧型IP cam
byHermesDDS
 
How to Protect Against TDOS Attacks
byAlan Percy
 
Cybersecurity: More than A DoD Issue
byRobert E Jones
 
How to Hack a Cryptographic Key
byIBM Security
 
Netbiter solutions to m2m problems with ethernet and gprs 3g
bynetbiter
 
Service Providers in Hyderabad
bySoosleInfotech
 
Mobile Security for the Enterprise
byWill Adams
 
Mobile Forensics
byprimeteacher32
 
The Unstoppable Demand for the All-Wireless Workplace
byAruba, a Hewlett Packard Enterprise company
 
My ppt
byArun Ramachandran
 
Sensor Guard Point Net Short presentation
byEdward vd Berg
 
8 WAYS TO PROTECT THE DATA IN YOUR OFFICE: #3 Trust in your office solutions
byCanon Business CEE
 
IoT Security: Debunking the "We Aren't THAT Connected" Myth
bySecurity Innovation
 
7_16_BrivoOnAir_Datasheet
byAgnes Sokol
 
Thin Client Overview
byAlex Little
 
Access control basics-2
bygrantlerc
 

Similar to Retail Location Security Complexities

PDF
The journey to ICS - Extended
byLarry Vandenaweele
 
PDF
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
byAirTight Networks
 
PPTX
How to start your IOT journey
byChetan Kumar S
 
PPTX
Network Security Architecture
byInnoTech
 
PDF
Ryan Wilson - ryanwilson.com - IoT Security
byRyan Wilson
 
PPTX
Firewall, Router and Switch Configuration Review
byChristine MacDonald
 
PDF
IOT & Security in Industrial Systems.
byKapil Sabharwal
 
PDF
Industrial IOT and Security
byKapil Sabharwal
 
PDF
Chapter 1 - Lesson 1 - Overview Infrastructure Design
byCarlo Dapino
 
PPTX
Unit_3.pptx
byRAMESHMRA21130030110
 
PPTX
Blueprint for creating a Secure IoT Product
byGuy Vinograd ☁
 
PDF
Retail Stores and Wireless Security—Recommendations
byAirTight Networks
 
PPTX
CyberSecurity Best Practices for the IIoT
byCreekside Marketing Group, LLC
 
PPTX
Building Converged Plantwide Ethernet
byRockwell Automation
 
PDF
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
bysandhibhide
 
PDF
Security Assessment Report and Business Continuity Plan
byChanaka Lasantha
 
PDF
The definitive guide for evaluating enterprise WLAN networks
byAerohive Networks
 
PDF
Data center 2.0: Data center built for private cloud by Mr. Cheng Che Hoo of ...
byHKISPA
 
PPTX
630755195-Chapter-1-PPT-1-pptx.pptx
byssuser8ca25e
 
PDF
80211 the end of wireles or is it
byInterop
 
The journey to ICS - Extended
byLarry Vandenaweele
 
AirTight Secure Wi-Fi™ Cloud-based Secure Wi-Fi Access with PCI Wireless Scan...
byAirTight Networks
 
How to start your IOT journey
byChetan Kumar S
 
Network Security Architecture
byInnoTech
 
Ryan Wilson - ryanwilson.com - IoT Security
byRyan Wilson
 
Firewall, Router and Switch Configuration Review
byChristine MacDonald
 
IOT & Security in Industrial Systems.
byKapil Sabharwal
 
Industrial IOT and Security
byKapil Sabharwal
 
Chapter 1 - Lesson 1 - Overview Infrastructure Design
byCarlo Dapino
 
Unit_3.pptx
byRAMESHMRA21130030110
 
Blueprint for creating a Secure IoT Product
byGuy Vinograd ☁
 
Retail Stores and Wireless Security—Recommendations
byAirTight Networks
 
CyberSecurity Best Practices for the IIoT
byCreekside Marketing Group, LLC
 
Building Converged Plantwide Ethernet
byRockwell Automation
 
SIM Portland IOT - Sandhi Bhide - (09-14-2016)
bysandhibhide
 
Security Assessment Report and Business Continuity Plan
byChanaka Lasantha
 
The definitive guide for evaluating enterprise WLAN networks
byAerohive Networks
 
Data center 2.0: Data center built for private cloud by Mr. Cheng Che Hoo of ...
byHKISPA
 
630755195-Chapter-1-PPT-1-pptx.pptx
byssuser8ca25e
 
80211 the end of wireles or is it
byInterop
 

Recently uploaded

PPTX
Computer Science Degree for College .pptx
byHanenek1
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PPTX
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
PDF
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
PPTX
Ideathon template.pptx it is a ideathon template
bykonav71133
 
PPTX
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PPTX
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
PDF
classification of elements and periodicity.pdf
byaryanshreya2010
 
PDF
Micro project .pdf drone technology Report
byRenitaMamgain
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PPT
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
PPTX
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
PPTX
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
Hire-NET-Developers. Dot Net Developers
byDigisoft Solution
 
PPTX
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
PPTX
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
PPTX
ChatGPT on education positively snd negatively
by88rtgpscxx
 
PPT
html-forms in web development-courseICT.
bymadz33
 
Computer Science Degree for College .pptx
byHanenek1
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
Computer Networks 01[1 using all terms].pptx
bywaqasahmedbhatti633
 
Here are the winners of KALIDASA SAMMAN.
byglcppro
 
Ideathon template.pptx it is a ideathon template
bykonav71133
 
SriLank SLT LTE Network Sharing V2.pptx
bynthuang
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
classification of elements and periodicity.pdf
byaryanshreya2010
 
Micro project .pdf drone technology Report
byRenitaMamgain
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
Introduction Digital Signal Processing.pptx
byumairmuhammad0409
 
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
Hire-NET-Developers. Dot Net Developers
byDigisoft Solution
 
Bibhav Singh.pptx it's very useful for us it's in very good and very nice
byabhishekjaiswal5th33
 
Role of VMware and Cloud Computing in CyberSecurity.pptx
byalehanoor1325
 
ChatGPT on education positively snd negatively
by88rtgpscxx
 
html-forms in web development-courseICT.
bymadz33
 

Retail Location Security Complexities

  • 1.
    Retail Location SecurityComplexities Starter Question - What is the most important / critical system in foods department store? Etienne Liebetrau - CISSP Infrastructure Architect @Woolworths Holdings South Africa, Africa and Australia Security Consultant Technical Writer Solution Deployment Contractor Researcher Firewall / UTM collector Public Speaker – working on it! The views and opinions expressed in this presentation are my personal ones based on experience in the field. It is not sanctioned by any 3rd party customer or vendor.
  • 2.
    Foods Retail StoreExample – This is the visible part to customers
  • 3.
    The actual storefootprint – offices – stock rooms – Machine / Computer
  • 4.
    • Stock Scanners •Temp Probes • Refrigeration Monitors • Staff PC • POS PED • IOT Devices • HVAC • BMS • CCTV • POS & PEDS its own PCI Zone! Specific device types in physical zones:
  • 5.
    • Shared infrastructure •HVAC • Lighting • Fire suppression • CCTV • Proximity IOT • WiFi Customer • WiFi Staff • WiFi Devices Specific device types in multiple zones:
  • 6.
    LAN – WiredNetwork Multiple LAN Points in RED – Public Zone points subject to being hijacked LAN Points in Blue connect Wireless Aps – Each SSID is a Target Each Connected device increases you attack surface Each device type increases your vulnerability / exploit potential
  • 7.
    WiFi is greatto connect devices but comes with containment issues Signal Bleed • Not all devices are equal • Capability • Security • Vulnerability • Remediation ability • Manageability of devices WiFi eliminates need for access within the physical retail location. Defeats physical defences such as security gates & swipe card access controls
  • 8.
    Zone LAN Access Internet/ SaaS Access Cloud Access 3Rd Party Auth Stock management x PSK POS x None / AD Refridgeration x x x None HVAC / BMS x x x None IOT x x x x Basic Customer x Customer Staff x x x AD / BYOD BackOffice x x x AD Zones have different requirements • Not all zones SHOULD communicate with one another • Those that do require access to one another require integrity checking • Network segmentation required – prevent lateral penetration Required network access
  • 9.
    Stock CUTO MER REF POS BO IOT Internet Cloud HO / Corp LegacyApproach: VLAN based segmentation Using Existing ACLs on L3 switches Fundamental problem: By default networks allow traffic Manual Blacklist Manual White List Policy Engines not geared for this No integrity checking possible L2,L3,L4 devices at best Cloud and internet access is basic ZScaler is awesome but does not address on premises requirements Conditional Access Required
  • 10.
    Stock CUTOM ER REF POS BO IOT Internet Cloud HO / Corp L7Net Use a Firewall as your core Advantages: Automatic Blacklist Zone Based White List Inter-zone filtering Clean traffic only - IPS Advance Routing MPLS + Inet Advanced Logging Cloud Enablement Inbound Remote access to a single zone Drawbacks: Cost Complexity Contemporary Approach
  • 11.
    Web filtering essential •Performance – Limit unwanted traffic • Security • Liability • Customer's kid uses you Wifi for porn Basic Network protection • Perimeter network is used ion distributed attack • Your Wifi network allows client to client attacks on personal devices Multiprotocol Support – It not just Web Whats App (IM uses HTTPS on TCP Voice and Video used UDP) Peer to Peer – Traffic Signature based blocking needed. Prioritising of traffic All available bandwidth will be used – Starving essential traffic affects the Availability of systems (CIA) Customer services prioritised over customer consumption IPS – Advanced threat / C&C Botnet detection and prevention VPN Capability is Key MPLS cost reduction Connectivity to Corporate Connectivity to Cloud – Express route not viable for 500 sites
  • 12.
    St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et St oc k C U T O M ER RE F P O S B O IO T L7 N et Internet Cloud HO / Corp Only 4sites + HO 1 x Azure Multi HO / DC – 2 min Multi Cloud – 2 min 100+ Retail locations Complexity becomes staggering Manual BGP and OSPF not sustainable Automation is essential Orchestrated Firewall / SDWAN What your WAN will look like soon