Retail Location Security Complexities
Starter Question -
What is the most important / critical system in a foods department store?
Etienne Liebetrau - CISSP
Infrastructure Architect @Woolworths Holdings South Africa, Africa and Australia
Security Consultant
Technical Writer
Solution Deployment Contractor
Researcher
Firewall / UTM collector
Public Speaker – working on it!
The views and opinions expressed in this presentation are my personal ones based on experience in the field.
It is not sanctioned by any 3rd party customer or vendor.
Foods Retail Store Example – this is the part visible to customers
The actual store footprint – offices – stock rooms – Machine / Computer
Specific device types in physical zones:
• Stock scanners
• Temp probes
• Refrigeration monitors
• Staff PC
• POS PED
• IoT devices
• HVAC
• BMS
• CCTV
• POS & PEDs: their own PCI zone!
Specific device types in multiple zones:
• Shared infrastructure
• HVAC
• Lighting
• Fire suppression
• CCTV
• Proximity IoT
• WiFi Customer
• WiFi Staff
• WiFi Devices
LAN – Wired Network
Multiple LAN points in RED – public-zone points subject to being hijacked
LAN points in BLUE connect wireless APs – each SSID is a target
Each connected device increases your attack surface
Each device type increases your vulnerability / exploit potential
WiFi is great for connecting devices but comes with containment issues
Signal bleed
• Not all devices are equal
• Capability
• Security
• Vulnerability
• Remediation ability
• Manageability of devices
WiFi eliminates the need for physical access within the retail location, defeating physical defences such as security gates and swipe-card access controls.
Zone | Access (LAN / Internet-SaaS / Cloud / 3rd Party) | Auth
Stock management | x | PSK
POS | x | None / AD
Refrigeration | x x x | None
HVAC / BMS | x x x | None
IoT | x x x x | Basic
Customer | x | Customer
Staff | x x x | AD / BYOD
BackOffice | x x x | AD
Zones have different requirements
• Not all zones SHOULD communicate with one another
• Those that do require access to one another require integrity checking
• Network segmentation required – prevent lateral penetration
Required network access
[Diagram: required network access between the Stock, Customer, Ref, POS, BO and IoT zones and the Internet, Cloud and HO / Corp]
Legacy Approach:
VLAN-based segmentation
Using existing ACLs on L3 switches
Fundamental problem:
By default networks allow traffic
Manual blacklist
Manual whitelist
Policy engines not geared for this
No integrity checking possible
L2, L3, L4 devices at best
Cloud and internet access is basic
ZScaler is awesome but does not address on-premises requirements
Conditional access required
[Diagram: the Stock, Customer, Ref, POS, BO and IoT zones behind an L7 network, connected to the Internet, Cloud and HO / Corp]
Contemporary Approach
Use a firewall as your core
Advantages:
Automatic blacklist
Zone-based whitelist
Inter-zone filtering
Clean traffic only – IPS
Advanced routing
MPLS + Inet
Advanced logging
Cloud enablement
Inbound remote access to a single zone
Drawbacks:
Cost
Complexity
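The difference between the legacy and contemporary slides above is the default: an L3-switch ACL passes everything not on a manual blacklist, while a zone firewall passes only what a zone-based whitelist names. The following Python is an added example (not code from the deck or from any vendor) that models both and measures lateral reach from a compromised host; the zone names follow the deck's access table, and the allow-list entries, ports and the client-isolation rule are constructed assumptions.

```python
"""Default-deny inter-zone policy vs the legacy default-allow ACL model.
Added example, not from the deck; zone names follow the deck's access table,
the allow-list entries below are constructed assumptions."""
from dataclasses import dataclass

ZONES = {"Stock", "POS", "Refrigeration", "HVAC_BMS", "IoT", "Customer",
         "Staff", "BackOffice", "Internet", "Cloud", "HO_Corp"}

# Zones whose hosts must not talk to each other (WiFi client isolation).
CLIENT_ISOLATED = {"Customer"}


@dataclass(frozen=True)
class Flow:
    src_zone: str
    dst_zone: str
    proto: str  # "tcp" or "udp"
    dport: int


# Constructed allow-list: (src, dst) -> permitted (proto, port) pairs.
ZONE_ALLOW = {
    ("POS", "HO_Corp"): {("tcp", 443)},           # card auth / POS back end
    ("Stock", "HO_Corp"): {("tcp", 443)},         # stock management sync
    ("BackOffice", "HO_Corp"): {("tcp", 443), ("tcp", 445)},
    ("BackOffice", "Internet"): {("tcp", 443)},
    ("BackOffice", "Cloud"): {("tcp", 443)},
    ("Staff", "Internet"): {("tcp", 443)},
    ("Staff", "Cloud"): {("tcp", 443)},
    ("Customer", "Internet"): {("tcp", 80), ("tcp", 443)},
    ("Refrigeration", "Cloud"): {("tcp", 443)},   # vendor monitoring portal
    ("IoT", "Cloud"): {("tcp", 8883)},            # MQTT over TLS
}


class LegacyAcl:
    """VLAN + L3-switch ACL model: traffic passes unless blacklisted."""

    def __init__(self, blacklist):
        self.blacklist = set(blacklist)

    def permits(self, flow):
        return (flow.src_zone, flow.dst_zone) not in self.blacklist


class ZonePolicy:
    """Firewall-as-core model: traffic passes only if an allow entry matches."""

    def __init__(self, allow):
        self.allow = allow

    def permits(self, flow):
        if flow.src_zone not in ZONES or flow.dst_zone not in ZONES:
            return False                      # unknown zone is never trusted
        if flow.src_zone == flow.dst_zone:
            return flow.src_zone not in CLIENT_ISOLATED
        permitted = self.allow.get((flow.src_zone, flow.dst_zone), set())
        return (flow.proto, flow.dport) in permitted


def probe_ports():
    """Every (proto, port) the allow-list knows, plus one it does not."""
    ports = {p for entries in ZONE_ALLOW.values() for p in entries}
    ports.add(("tcp", 22))
    return ports


def lateral_reach(policy, src_zone):
    """Zones a compromised host in src_zone can reach on at least one probed port."""
    reach = set()
    for dst in ZONES - {src_zone}:
        if any(policy.permits(Flow(src_zone, dst, p, port)) for p, port in probe_ports()):
            reach.add(dst)
    return reach


if __name__ == "__main__":
    legacy = LegacyAcl(blacklist=[("Customer", "POS")])   # one manual blacklist entry
    zoned = ZonePolicy(ZONE_ALLOW)
    for name, pol in (("legacy", legacy), ("zoned", zoned)):
        print(f"{name}: Customer WiFi can reach {sorted(lateral_reach(pol, 'Customer'))}")
```

Running it shows the point of the slide: with one manual blacklist entry the legacy model still lets customer WiFi reach every other zone, while the zone policy limits it to the Internet and nothing else; `lateral_reach` is the check to re-run whenever an allow entry is added.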
Web filtering essential
• Performance – limit unwanted traffic
• Security
• Liability
• Customer's kid uses your WiFi for porn
Basic network protection
• Perimeter network is used in distributed attacks
• Your WiFi network allows client-to-client attacks on personal devices
Multiprotocol support – it's not just web
WhatsApp (IM uses HTTPS over TCP; voice and video use UDP)
Peer-to-peer – traffic-signature-based blocking needed
Prioritising of traffic
All available bandwidth will be used – starving essential traffic affects the Availability of systems (CIA)
Customer services prioritised over customer consumption
IPS – advanced threat / C&C botnet detection and prevention
VPN capability is key
MPLS cost reduction
Connectivity to corporate
Connectivity to cloud – ExpressRoute not viable for 500 sites
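The prioritising point above is an availability problem: once guest consumption saturates the uplink, first-come-first-served queueing delays card authorisations behind streaming. The following Python is an added example (not from the deck) that simulates a saturated link under plain FIFO and under strict priority for essential traffic; the class labels, arrival rates and link capacity are constructed assumptions, and "essential" and "bulk" stand in for the deck's customer services and customer consumption.

```python
"""Strict-priority vs FIFO scheduling on a saturated store uplink.
Added example, not from the deck. Traffic classes and arrival rates are
constructed assumptions standing in for customer services (POS, stock)
and customer consumption (guest WiFi)."""

ESSENTIAL = "pos_auth"         # hypothetical label: card auth, stock sync
BULK = "guest_streaming"       # hypothetical label: customer WiFi consumption


def offered_load(ticks, essential_per_tick=1, bulk_per_tick=10):
    """Constructed arrivals (tick, class) in arrival order; bulk load alone
    exceeds link capacity, so the queue never drains."""
    arrivals = []
    for t in range(ticks):
        arrivals += [(t, ESSENTIAL)] * essential_per_tick
        arrivals += [(t, BULK)] * bulk_per_tick
    return arrivals


def simulate(arrivals, capacity_per_tick, ticks, strict_priority):
    """Drain capacity_per_tick packets per tick.

    strict_priority=True always sends the oldest ESSENTIAL packet first and
    only then BULK; False is plain FIFO, which is what an unmanaged link does.
    Returns worst queueing delay (ticks) and packets served per class."""
    pending = []                     # (arrival_tick, cls), oldest first
    worst = {ESSENTIAL: 0, BULK: 0}
    served = {ESSENTIAL: 0, BULK: 0}
    i = 0
    for t in range(ticks):
        while i < len(arrivals) and arrivals[i][0] == t:
            pending.append(arrivals[i])
            i += 1
        for _ in range(capacity_per_tick):
            if not pending:
                break
            idx = 0                  # FIFO: oldest packet of any class
            if strict_priority:
                idx = next((k for k, (_, c) in enumerate(pending) if c == ESSENTIAL), 0)
            arrived, cls = pending.pop(idx)
            worst[cls] = max(worst[cls], t - arrived)
            served[cls] += 1
    return {"worst_delay": worst, "served": served}


def compare(ticks=20, capacity_per_tick=4):
    """Same offered load, same link, two queueing disciplines."""
    load = offered_load(ticks)
    return {
        "fifo": simulate(load, capacity_per_tick, ticks, strict_priority=False),
        "priority": simulate(load, capacity_per_tick, ticks, strict_priority=True),
    }


if __name__ == "__main__":
    for mode, result in compare().items():
        print(mode, result)
```

Under FIFO only 8 of the 20 essential packets get through in the simulated window and the worst one waits 12 ticks; under strict priority every essential packet is sent in the tick it arrives and the bulk class absorbs all of the delay, which is the behaviour the slide asks for.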
[Diagram: four retail sites, each with Stock, Customer, Ref, POS, BO and IoT zones behind an L7 network, all connected to the Internet, Cloud and HO / Corp]
Only 4 sites + HO 1 x Azure
Multi HO / DC – 2 min
Multi Cloud – 2 min
100+ retail locations
Complexity becomes staggering
Manual BGP and OSPF not sustainable
Automation is essential
Orchestrated firewall / SD-WAN
What your WAN will look like soon
