Protecting Point of Sale Devices from Targeted Attacks
|
|
- Abraham Blankenship
- 8 years ago
- Views:
Transcription
1 Prtecting Pint f Sale Devices frm Targeted Attacks 1-Apr-14 Versin 1.0 Final Prepared by Sean Finnegan, Cybersecurity Directr Michael Hward, Principal Cybersecurity Architect
2 MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. Cmplying with all applicable cpyright laws is the respnsibility f the user. Withut limiting the rights under cpyright, n part f this dcument may be reprduced, stred in r intrduced int a retrieval system, r transmitted in any frm r by any means (electrnic, mechanical, phtcpying, recrding, r therwise), r fr any purpse, withut the express written permissin f Micrsft Crpratin. Micrsft may have patents, patent applicatins, trademarks, cpyrights, r ther intellectual prperty rights cvering subject matter in this dcument. Except as expressly prvided in any written license agreement frm Micrsft, ur prvisin f this dcument des nt give yu any license t these patents, trademarks, cpyrights, r ther intellectual prperty. The descriptins f ther cmpanies prducts in this dcument, if any, are prvided nly as a cnvenience t yu. Any such references shuld nt be cnsidered an endrsement r supprt by Micrsft. Micrsft cannt guarantee their accuracy, and the prducts may change ver time. Als, the descriptins are intended as brief highlights t aid understanding, rather than as thrugh cverage. Fr authritative descriptins f these prducts, please cnsult their respective manufacturers Micrsft Crpratin. All rights reserved. Any use r distributin f these materials withut express authrizatin f Micrsft Crp. is strictly prhibited. Micrsft and Windws are either registered trademarks r trademarks f Micrsft Crpratin in the United States and/r ther cuntries. The names f actual cmpanies and prducts mentined herein may be the trademarks f their respective wners.
3 Table f Cntents 1 Intrductin Hardening the Pint f Sale Device Prtecting Data At the Endpint Mitigating Lateral Traversal t Devices... 6 Active Directry... 7 Shared Service Accunts... 7 Shared Lcal Administratrs... 9 Other Shared Lcal Accunts Cnclusin iii
4 1 Intrductin Recent attacks n majr retailers have resulted in an increased fcus n the security f Pint f Sale (POS) devices. These devices are typically the frnt line fr prcessing bth custmer payment data as well as lyalty prgrams that can include custmer Persnally Identifiable Infrmatin (PII). As a result any cmprmise f these devices at scale can yield an attacker nt just credit card infrmatin but als a wealth f ther custmer infrmatin t include names, phne numbers, , and physical addresses. While the mtivatin fr these attacks appears t be financial gain many f the techniques used share similarities with targeted attacks designed t steal intellectual prperty. Like Advanced Persistent Threat r APT attacks the retail breaches have invlved lateral mvement t get brad access t backend systems, implanting custm malware, and exfiltrating data. As a result, many f the same recmmendatins that the Micrsft Cybersecurity Team regularly prvides t custmers when respnding t an APT attack can als be applied t POS devices. This paper will fcus slely n majr attack vectrs designed t prvide wide-scale access t POS devices. A related whitepaper, titled A Systematic Methd t Understand Security Risks in a Retail Envirnment, lks mre bradly at retail systems using the STRIDE methdlgy t encmpass backend systems such as retail ERP and e-cmmerce systems. 2 Hardening the Pint f Sale Device While the Pint Of Sale terminal is a fixed purpse device it still has an underlying perating system and applicatins that a wuld-be attacker culd try t explit t gain access t the system. Many f the same recmmendatins that apply t desktp and server systems apply equally t pint f sale devices and the relative unifrmity, in the applicatin f these recmmendatins, shuld make sme mitigatins easier t manage. First, yu shuld keep the sftware and perating system n yur POS device up t date. This includes applying critical sftware updates fr bth the OS and applicatins in a timely fashin as well as running the mst mdern versin f the perating system available fr yur POS device. As we will discuss belw the updating mechanism must be deplyed s as nt t intrduce its wn lateral traversal threat. With each successive release f the Windws perating system Micrsft has nt nly wrked t eliminate vulnerabilities but t add additinal prtectins designed t make it mre difficult t explit new vulnerabilities. This includes memry prtectins such as DEP, ASLR, HTOC, and Page 4
5 SEHOP 1, as well as techniques such as running select applicatins in lw rights mde. Running the mst recent versin f the OS available fr yur device ensures yu have these additinal prtectins against cmprmise. In additin, each POS device shuld have a frm f anti-malware running n it and the signatures shuld be kept up t date. Many POS vendrs will ffer a recmmended AV slutin as part f their slutin and depending n the versin f Windws running n the POS device it may already include Windws Defender. Fr POS devices that d nt currently have AV sftware Micrsft als ffers the Systems Center Endpint Prtectin anti-malware that can be applied t mst types f Windws POS devices. As fixed purpse devices POS terminals are excellent candidates fr applicatin whitelisting slutins. An applicatin whitelisting slutin is able t detect when a prgram is being launched and then determine whether r nt is shuld be allwed based n a predefined list. There are multiple 3 rd party whitelisting slutins as well as the Micrsft AppLcker r Sftware Restrictin Plicies that are built in t Windws. While it will likely require sme testing t verify it des nt impact the peratins f the POS device a whitelisting slutin will restrict the device t just running the desired Pint f Sale applicatin. Finally, given that the POS device has a fixed purpse and a fixed cnfiguratin, cnsider using a technlgy t regularly reset the device cnfiguratin back t a knwn trusted state. One slutin wuld be the use f the Windws Enhanced Write Filter (EWF) that is available n Windws Embedded and POSReady platfrms. The EWF is a file system filter that redirects any attempted writes t the prtected disk partitin int vlatile memry but makes the write appear t have succeeded t the requesting applicatin. As a result, an applicatin including malware r an attacker that attempts t permanently change the cnfiguratin f the device wuld appear t succeed but at next rebt thse changes wuld disappear. Hwever, if the attacker r malware is EWF aware and has sufficient privileged access t the OS it is pssible t disable this as well as ther prtectins. In summary, the fllwing are suggested measures t prtect the POS device frm cmprmise: 1. Keep the POS perating system and applicatin up t date with security patches. 2. Run the mst current POS perating system yu are able. 3. Use an applicatin whitelisting slutin t restrict applicatins. 4. Deply a frm f anti-virus t the POS device and keep the signatures up t date. 5. Use a technlgy t prevent unwanted changes t the POS device such as the Enhanced Write Filter r netwrk bt. 1 Page 5
6 3 Prtecting Data At the Endpint It is difficult t prtect sensitive data n a device where the attacker has cmplete cntrl f the perating system. Hwever, dedicated hardware devices that never expse unencrypted data t the terminal can prvide a safeguard prvided that the encryptin key is never shared with the terminal. Thrugh the use f encrypting card reader hardware r cards that have a built in cryptgraphic prcessr the card data can be encrypted s that it is inaccessible t attacker malware running n the POS device. This assumes that n custmer PII is visible t the terminal either in the initial card swipe, r in the authrizatin data returned t the POS terminal frm the payment system. In additin, many retailers have separate lyalty prgrams that may cntain custmer PII althugh typically nt credit card data. While this may be f less interest t an attacker this data still culd be stlen by malware n the POS device and as a result just encrypting the credit card data at the swipe is nt a panacea t preventing the theft f custmer PII. 4 Mitigating Lateral Traversal t Devices Sme attackers may chse t attack ne r mre POS devices ver the netwrk using explits r even using a physical attack 2 n a device in a stre. Hwever, it is difficult t cmprmise hundreds r thusands f devices using these methds and in the recent retail attacks it is likely that the attacker leveraged sme srt f lateral traversal using stlen but legitimate privileged credentials t cmprmise a large number f devices. Micrsft has extensive experience in cuntering these types f attacks as they are ften used by APT grups t quickly gain access t infrmatin thrughut the enterprise after cmprmising a small number f systems. Micrsft has previusly published general guidance n cuntering these threats in the white paper Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques 3. In this sectin will we fcus n sme specific scenaris likely t allw the brad cmprmise f POS devices. 2 The discussin f prtectin against physical attacks n POS devices is ut f scpe fr this paper. 3 Page 6
7 Active Directry Many retailers jin their Windws POS devices t an Active Directry (AD) in rder t gain the many benefits such as centralized cnfiguratin management, accunt management, and easy authenticatin t netwrk resurces. While this is smething that we cntinue t recmmend, custmers shuld als be aware that a cmprmised Active Directry wuld als becme an avenue fr an attacker t spread malware thrughut the enterprise including t POS devices. If an attacker gets privileged access t Active Directry such as thrugh the theft f Dman Admin r Enterprise Admin credentials he r she has almst limitless access t systems jined t that AD frest. This includes being able t push prgrams t run n systems, change security settings n systems, and mdify the membership f lcal grups n systems such as the lcal administratrs grup. Frtunately, the methds by which an Active Directry are typically cmprmised are well understd and cnsist primarily f very flat AD designs and administrative practices that put credentials at risk. The previusly mentined PtH white paper describes these attacks and mitigatins in great detail and we encurage custmers t implement thse recmmendatins t secure nt just their POS devices but their entire netwrk. Anther cnsideratin is whether POS devices shuld be part f retailer s prductin Active Directry frest r jined t a dmain in a separate frest. In Active Directry a separate frest prvides a security bundary between systems. This wuld prevent a cmprmise f AD in ne frest frm als cmprmising resurces in the ther frest 4. Crss-frest trust relatinships can be established between the frests t allw cntrlled access t resurces acrss the frest bundaries. This allws similar functinality t a single frest while prviding better cntainment in the event f a cmprmise. Shared Service Accunts In Windws a service is a prcess that is autmatically started by the perating system and runs in the backgrund t prvide a desired functin. Many parts f the perating system functin as services as well as applicatins that need t stay running even when n user is active n the system. On POS devices this can include applicatins such as security scanners, systems management sftware, and even part f the POS applicatin itself. When a service is created it 4 Shared userid and passwrds in bth frests culd still allw a cmprmise acrss frest bundaries. Page 7
8 must be set t run as sme user accunt that can include the machine 5 accunt, a lcal user, r a dmain user accunt. In sme cases a service will be installed acrss POS devices using the same Active Directry accunt r using a cmmn lcal accunt created n each system. This is typically dne t simplify access t netwrk resurces r fr the server side f an applicatin t authenticate t the POS device. If this service accunt is als cnfigured n nn-pos systems - such as when the same systems management service accunt is cnfigured n desktp, servers, and POS systems - the result is a single credential that if cmprmised has brad access t the netwrk. Unless using the machine accunt, the userid and passwrd fr this service must be entered and stred encrypted by the perating system fr use at system startup. It is imprtant t recgnize that while a regular user cannt btain these lgn credentials a lcal administratr r an attacker wh has btained lcal administratr access can thrugh the use f cmmn attacker tls. As a result, the cmprmise f a single system cnfigured with this service accunt can expse credentials that are valid fr access acrss a large number f devices. Furthermre, in many cases these accunts are members f the lcal administratrs grup acrss devices in rder t facilitate privileged access. Retailers shuld review their POS devices fr services that are running as accunts ther than LcalSystem, NetwrkService, and LcalService. Where pssible, recnfigure these services t use ne f these machine accunts. Bth LcalSystem and NetwrkService can access netwrk resurces as the machine accunt in Active Directry but are unique t each device. If a cmmn dmain r lcal user accunt must still be used cnsider limiting its usage t just POS devices r better yet using multiple accunts with a different accunt fr varius POS device cmmunities (e.g. per stre, per regin, per business). This will nt nly limit the expsure f the accunt t attackers but als limit the usefulness t a subset f systems shuld the accunt becme cmprmised. Als, try t limit the privileges assigned t the service accunt n POS devices in rder t make it less useful t an attacker. 5 There are actually multiple frms this machine accunt can take including the Lcal System, Lcal Service, and Netwrk Service. Mre infrmatin is available at Page 8
9 This includes nt making the accunt a member f the lcal administratrs grup but als avid granting the accunt unnecessary and sensitive user rights such as: Allw lg n lcally Access this cmputer frm the netwrk Allw lgn thrugh Remte Desktp Services Act as part f the perating system Backup files and directries Restre files and directries The gal is t limit bth hw widely a single stlen accunt can be used acrss devices as well as t limit the amunt f damage an attacker can d t a device with the accunt. Mst f the current POS malware require administratr r sensitive user rights t steal custmer PII. Shared Lcal Administratrs Previusly we mentined hw shared lcal accunts will smetimes be created t supprt a shared service acrss systems. We als discussed hw administratr r privileged accunts are ften necessary fr attackers t succeed in stealing custmer PII frm POS devices. In additin t these scenaris, we need t cnsider lcal accunts that are created as part f the OS installatin as well as fr the terminal peratr. During installatin f the perating system at least ne lcal administratr is always created and it is cmmn during scripted deplyments t use the same passwrd fr this accunt n all deplyed systems. Like with service accunts an attacker that has btained privileged r admin access t a device can btain the passwrds fr lcal accunts. This cmprmise f the userid and passwrd fr a shared accunt n ne system can then be used t lgn t any ther system that uses the same userid and passwrd. Micrsft recmmends that custmers use unique randm passwrds fr lcal administratr accunts, disable thse accunts, r at a minimum restrict hw thse accunts can be used in netwrk cnnectins. Details n these mitigatins and hw t implement them are prvided in the referenced Mitigating Pass-the-Hash (PtH) Attacks and Other Credential Theft Techniques white paper. Other Shared Lcal Accunts It is cmmn in retail envirnments t use shared lcal user accunts t lgn t POS devices even thugh these devices are jined t an Active Directry dmain. This is t ensure that the peratr can access the terminal even if there is a netwrk cnnectin issue and is als because Page 9
10 it is nt cnsidered practical t create and maintain user accunts fr retail assciates where there are a very large number f users and high persnnel turnver. Such trade-ffs need t be made fr business reasns but care shuld als be taken t limit the ptential fr abuse f these shared lcal accunts. First, these accunts shuld nly be given the privilege t lg n lcally and nt as a service, via the netwrk, r via Remte Desktp Services. These accunts shuld als never be lcal administratr accunts r given sensitive user privileges such as the belw. Allw lg n as a service Access this cmputer frm the netwrk Allw lgn thrugh Remte Desktp Services Act as part f the perating system Backup files and directries Restre files and directries Where pssible, different passwrds shuld be used in rder t limit the systems n which this shared accunt is valid. 5 Cnclusin Pint Of Sales devices are prime targets fr attackers because they are the frnt line fr cllecting infrmatin frm custmers and are ften less well prtected than backend systems. Recent large scale cmprmises have required the ability t cmprmise these systems at scale and ften use the same techniques used in targeted attacks designed t steal intellectual prperty. As a result, applying the same techniques f limiting the ability fr attackers t mve laterally in a cmprmise can dramatically reduce the damage frm an attack. In additin, there are a number f measures yu can take t specifically prtect POS devices frm cmprmise as well as securing custmer credit card data as it is cllected. We strngly encurage all retail custmers t review and implement the measures in this paper as a first step twards mitigating the risk f the wide scale theft f custmer infrmatin. In additin, we recmmend custmers read the whitepaper A Systematic Methd t Understand Security Risks in a Retail Envirnment t lk at ther threats t yur retail infrastructure. This paper will utline a typical retail threat mdel and shw hw t use this as a structured apprach t implementing mitigatins t ther systems in yur envirnment such as e- cmmerce platfrms and back f the huse systems. Page 10
Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1
Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues
More informationMaaS360 Cloud Extender
MaaS360 Clud Extender Installatin Guide Cpyright 2012 Fiberlink Cmmunicatins Crpratin. All rights reserved. Infrmatin in this dcument is subject t change withut ntice. The sftware described in this dcument
More informationIntroduction to Mindjet MindManager Server
Intrductin t Mindjet MindManager Server Mindjet Crpratin Tll Free: 877-Mindjet 1160 Battery Street East San Francisc CA 94111 USA Phne: 415-229-4200 Fax: 415-229-4201 mindjet.cm 2013 Mindjet. All Rights
More informationPassword Reset for Remote Users
1 Passwrd Reset fr Remte Users Curin prvides a cmpnent fr the PasswrdCurier Passwrd Prvisining System that manages the lcal passwrd cache in cnjunctin with self-service passwrd reset activities. The slutin
More informationLicensing Windows Server 2012 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents This
More informationLicensing Windows Server 2012 R2 for use with virtualization technologies
Vlume Licensing brief Licensing Windws Server 2012 R2 fr use with virtualizatin technlgies (VMware ESX/ESXi, Micrsft System Center 2012 R2 Virtual Machine Manager, and Parallels Virtuzz) Table f Cntents
More informationURM 11g Implementation Tips, Tricks & Gotchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC.
URM 11g Implementatin Tips, Tricks & Gtchas ALAN MACKENTHUN FISHBOWL SOLUTIONS, INC. i Fishbwl Slutins Ntice The infrmatin cntained in this dcument represents the current view f Fishbwl Slutins, Inc. n
More informationDeployment Overview (Installation):
Cntents Deplyment Overview (Installatin):... 2 Installing Minr Updates:... 2 Dwnlading the installatin and latest update files:... 2 Installing the sftware:... 3 Uninstalling the sftware:... 3 Lgging int
More informationABELMed Platform Setup Conventions
ABELMed Platfrm Setup Cnventins 1 Intrductin 1.1 Purpse f this dcument The purpse f this dcument is t prvide prspective ABELMed licensees and their hardware vendrs with the infrmatin that they will require
More informationIntroduction LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE. 2015 Savision B.V. savision.com All rights reserved.
Rev 7.5.0 Intrductin 2 LIVE MAPS UNITY PORTAL / INSTALLATION GUIDE 2015 Savisin B.V. savisin.cm All rights reserved. This manual, as well as the sftware described in it, is furnished under license and
More informationThis guide is intended for administrators, who want to install, configure, and manage SAP Lumira, server for BI Platform
Hw T install SAP Lumira, server n SAP BusinessObjects BI platfrm Distributed Install Applies t: SAP Lumira, server versin fr the SAP BusinessObjects BI platfrm Summary This guide is intended fr administratrs,
More informationHIPAA HITECH ACT Compliance, Review and Training Services
Cmpliance, Review and Training Services Risk Assessment and Risk Mitigatin: The first and mst imprtant step is t undertake a hlistic risk assessment that examines the risks and cntrls related t fur critical
More informationPersonal Data Security Breach Management Policy
Persnal Data Security Breach Management Plicy 1.0 Purpse The Data Prtectin Acts 1988 and 2003 impse bligatins n data cntrllers in Western Care Assciatin t prcess persnal data entrusted t them in a manner
More informationPreparing to Deploy Reflection : A Guide for System Administrators. Version 14.1
Preparing t Deply Reflectin : A Guide fr System Administratrs Versin 14.1 Table f Cntents Table f Cntents... 2 Preparing t Deply Reflectin 14.1:... 3 A Guide fr System Administratrs... 3 Overview f the
More informationUsing PayPal Website Payments Pro UK with ProductCart
Using PayPal Website Payments Pr UK with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 2 What is Website Payments Pr?... 2 Website Payments Pr and Website Payments Standard...
More informationInstant Chime for IBM Sametime Quick Start Guide
Instant Chime fr IBM Sametime Quick Start Guide Fall 2014 Cpyright 2014 Instant Technlgies. All rights reserved. Cpyright and Disclaimer This dcument, as well as the sftware described in it, is furnished
More informationIT Account and Access Procedure
IT Accunt and Access Prcedure Revisin Histry Versin Date Editr Nature f Change 1.0 3/23/06 Kelly Matt Initial Release Table f Cntents 1.0 Overview... 1 2.0 Purpse... 1 3.0 Scpe... 1 4.0 Passwrds... 1 4.1
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v14.0.1.0 Page 1 f 16 Intrductin Serv-U
More informationCSC IT practix Recommendations
CSC IT practix Recmmendatins CSC Healthcare 28th January 2014 Versin 3 www.csc.cm/glbalhealthcare Cntents 1 Imprtant infrmatin 3 2 IT Specificatins 4 2.1 Wrkstatins... 4 2.2 Minimum Server with 1-5 wrkstatins
More informationIntel Hybrid Cloud Management Portal Update FAQ. Audience: Public
Intel Hybrid Clud Management Prtal Update FAQ Audience: Public Purpse: Prepare fr the launch f the Intel Hybrid Clud Platfrm multi-user/multi-tier update Versin: Final FAQs What s new in the Intel Hybrid
More informationJunos Pulse Instructions for Windows and Mac OS X
Juns Pulse Instructins fr Windws and Mac OS X When yu pen the Juns client fr the first time yu get the fllwing screen. This screen shws yu have n cnnectins. Create a new cnnectin by clicking n the + icn.
More informationLicensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite
Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This
More informationStarterPak: Dynamics CRM Opportunity To NetSuite Sales Order
StarterPak: Dynamics CRM Opprtunity T NetSuite Sales Order Versin 1.0 7/20/2015 Imprtant Ntice N part f this publicatin may be reprduced, stred in a retrieval system, r transmitted in any frm r by any
More informationOrganisational self-migration guide an overview V1-5 April 2014
Organisatinal self-migratin guide an verview V1-5 April 2014 Cpyright 2013, Health and Scial Care Infrmatin Centre. 1 Self Migratin t NHSmail an verview fr rganisatins Cntents Intrductin 3 1. Initial preparatins
More informationCloud Services Frequently Asked Questions FAQ
Clud Services Frequently Asked Questins FAQ Revisin 1.0 6/05/2015 List f Questins Intrductin What is the Caradigm Intelligence Platfrm (CIP) clud? What experience des Caradigm have hsting prducts like
More informationEnsuring end-to-end protection of video integrity
White paper Ensuring end-t-end prtectin f vide integrity Prepared by: Jhn Rasmussen, Senir Technical Prduct Manager, Crprate Business Unit, Milestne Systems Date: May 22, 2015 Milestne Systems Ensuring
More informationThe Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future
The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents
More informationHP ExpertOne. HP2-T21: Administering HP Server Solutions. Table of Contents
HP ExpertOne HP2-T21: Administering HP Server Slutins Industry Standard Servers Exam preparatin guide Table f Cntents Overview 2 Why take the exam? 2 HP ATP Server Administratr V8 certificatin 2 Wh shuld
More informationexpertise hp services valupack consulting description security review service for Linux
expertise hp services valupack cnsulting descriptin security review service fr Linux Cpyright services prvided, infrmatin is prtected under cpyright by Hewlett-Packard Cmpany Unpublished Wrk -- ALL RIGHTS
More informationSMART Active Directory Migrator 9.0.2. Requirements
SMART Active Directry Migratr 9.0.2 January 2016 Table f Cntents... 3 SMART Active Directry Migratr Basic Installatin... 3 Wrkstatin and Member Server System... 5 Netwrking... 5 SSL Certificate... 6 Service
More informationROSS RepliWeb Operations Suite for SharePoint. SSL User Guide
ROSS RepliWeb Operatins Suite fr SharePint SSL User Guide Sftware Versin 2.5 March 18, 2010 RepliWeb, Inc., 6441 Lyns Rad, Ccnut Creek, FL 33073 Tel: (954) 946-2274, Fax: (954) 337-6424 E-mail: inf@repliweb.cm,
More informationIn addition to assisting with the disaster planning process, it is hoped this document will also::
First Step f a Disaster Recver Analysis: Knwing What Yu Have and Hw t Get t it Ntes abut using this dcument: This free tl is ffered as a guide and starting pint. It is des nt cver all pssible business
More informationIntegrating With incontact dbprovider & Screen Pops
Integrating With incntact dbprvider & Screen Pps incntact has tw primary pints f integratin. The first pint is between the incntact IVR (script) platfrm and the custmer s crprate database. The secnd pint
More informationConfiguring BMC AREA LDAP Using AD domain credentials for the BMC Windows User Tool
Cnfiguring BMC AREA LDAP Using AD dmain credentials fr the BMC Windws User Tl Versin 1.0 Cnfiguring the BMC AREA LDAP Plugin fr Dmain Username and Passwrds Intrductin...3 LDAP Basics...4 What is LDAP and
More informationACTIVITY MONITOR. Live view of remote desktops. You may easily have a look at any user s desktop.
Web Develpment Offshre Develpment Outsurcing SEO ACTIVITY MONITOR This pwerful tl allws yu t track any LAN, giving yu the mst detailed infrmatin n what, hw and when yur netwrk users perfrmed. Whether it
More informationBackupAssist SQL Add-on
WHITEPAPER BackupAssist Versin 6 www.backupassist.cm 2 Cntents 1. Requirements... 3 1.1 Remte SQL backup requirements:... 3 2. Intrductin... 4 3. SQL backups within BackupAssist... 5 3.1 Backing up system
More informationInstallation Guide Marshal Reporting Console
Installatin Guide Installatin Guide Marshal Reprting Cnsle Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 2 Sftware Prerequisites 3 Installatin Prcedures 3 Appendix: Enabling
More informationViPNet VPN in Cisco Environment. Supplement to ViPNet Documentation
ViPNet VPN in Cisc Envirnment Supplement t ViPNet Dcumentatin 1991 2015 Inftecs Americas. All rights reserved. Versin: 00121-04 90 02 ENU This dcument is included in the sftware distributin kit and is
More informationHP Email Archiving software for Microsoft Exchange
HP Email Archiving sftware fr Micrsft Exchange PST Imprt Tls Cmpnents and Deplyment Best Practices Table f Cntents Overview... 2 Prerequisites... 2 Cmpnents... 2 Archive Credentials... 2 PST Lader... 2
More informationData Protection Act Data security breach management
Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing
More informationLearn More Cloud Extender Requirements Cheat Sheet
MaaS360.cm > Learn Mre Learn Mre Clud Extender Requirements Cheat Sheet OVERVIEW This dcument defines all requirements t ensure a successfully installatin f the Clud Extender t enable use f ActiveSync
More informationHow To Install An Orin Failver Engine On A Network With A Network Card (Orin) On A 2Gigbook (Orion) On An Ipad (Orina) Orin (Ornet) Ornet (Orn
SlarWinds Technical Reference Preparing an Orin Failver Engine Installatin Intrductin t the Orin Failver Engine... 1 General... 1 Netwrk Architecture Optins and... 3 Server Architecture Optins and... 4
More informationReadme File. Purpose. Introduction to Data Integration Management. Oracle s Hyperion Data Integration Management Release 9.2.
Oracle s Hyperin Data Integratin Management Release 9.2.1 Readme Readme File This file cntains the fllwing sectins: Purpse... 1 Intrductin t Data Integratin Management... 1 Data Integratin Management Adapters...
More informationImplementing ifolder Server in the DMZ with ifolder Data inside the Firewall
Implementing iflder Server in the DMZ with iflder Data inside the Firewall Nvell Cl Slutins AppNte www.nvell.cm/clslutins JULY 2004 OBJECTIVES The bjectives f this dcumentatin are as fllws: T cnfigure
More informationHelpdesk Support Tickets & Knowledgebase
Helpdesk Supprt Tickets & Knwledgebase User Guide Versin 1.0 Website: http://www.mag-extensin.cm Supprt: http://www.mag-extensin.cm/supprt Please read this user guide carefully, it will help yu eliminate
More informationOptimal Payments Extension. Supporting Documentation for the Extension Package. 20140225 v1.1
Optimal Payments Extensin Supprting Dcumentatin fr the Extensin Package 20140225 v1.1 Revisin Histry v1.1 Updated Demac Media branding v1.0 Initial Dcument fr Distributin supprt@ptimalpayments.cm Page
More informationFirst Global Data Corp.
First Glbal Data Crp. Privacy Plicy As f February 23, 2015 Ding business with First Glbal Data Crp. ("First Glbal", First Glbal Mney, "we" r "us", which includes First Glbal Data Crp. s subsidiary, First
More informationSecurity Guidance ArcGIS Server 9.3 Windows Security Requirements
Envirnmental Systems Research Institute, Inc., 380 New Yrk St., Redlands, CA 92373-8100 USA TEL 909-793-2853 FAX 909-307-3014 Security Guidance ArcGIS Server 9.3 Windws Security Requirements Versin 1.0
More information1)What hardware is available for installing/configuring MOSS 2010?
1)What hardware is available fr installing/cnfiguring MOSS 2010? 2 Web Frnt End Servers HP Prliant DL 380 G7 2 quad cre Intel Xen Prcessr E5620, 2.4 Ghz, Memry 12 GB, 2 HP 146 GB drives RAID 5 2 Applicatin
More informationFor students to participate in BYOD please follow these two steps
www.readingtn.k12.nj.us September 15, 2015 Dear Readingtn Middle Schl Families, We are excited t annunce that we are cntinuing with Bring Yur Own Device fr all middle schl students! We recgnize that many
More informationSPECIFICATION. Hospital Report Manager Connectivity Requirements. Electronic Medical Records DRAFT. OntarioMD Inc. Date: September 30, 2010
OntariMD Inc. Electrnic Medical Recrds SPECIFICATION Hspital Reprt Manager Cnnectivity Requirements DRAFT Date: September 30, 2010 Versin: 1.0 2007-2010 OntariMD Inc. All rights reserved HRM EMR Cnnectivity
More informationISAM TO SQL MIGRATION IN SYSPRO
118 ISAM TO SQL MIGRATION IN SYSPRO This dcument is aimed at assisting yu in the migratin frm an ISAM data structure t an SQL database. This is nt a detailed technical dcument and assumes the reader has
More informationExercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008
Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,
More informationWEB APPLICATION SECURITY TESTING
WEB APPLICATION SECURITY TESTING Cpyright 2012 ps_testware 1/7 Intrductin Nwadays every rganizatin faces the threat f attacks n web applicatins. Research shws that mre than half f all data breaches are
More informationUnified Communications
Office f Infrmatin Technlgy Services Service Level Agreement Unified Cmmunicatins Nvember 7, 2013 v2.2 Service Descriptin Unified Cmmunicatins Service Descriptin ITS Unified Cmmunicatins ffers a number
More informationUniversity of Texas at Dallas Policy for Accepting Credit Card and Electronic Payments
University f Texas at Dallas Plicy fr Accepting Credit Card and Electrnic Payments Cntents: Purpse Applicability Plicy Statement Respnsibilities f a Merchant Department Prcess t Becme a Merchant Department
More informationConfiguring and Integrating LDAP
Cnfiguring and Integrating LDAP The Basics f LDAP 3 LDAP Key Terms and Cmpnents 3 Basic LDAP Syntax 4 The LDAP User Experience Mnitr 6 This dcument includes infrmatin abut LDAP and its rle with SlarWinds
More informationAvePoint High Speed Migration Supplementary Tools
AvePint High Speed Migratin Supplementary Tls User Guide Issued April 2016 1 Table f Cntents Intrductin... 3 MD5 Value Generatr Tl... 3 Azure Data Uplad Tl... 3 Dwnlading and Unpacking the Tl... 4 Using
More informationGUIDANCE FOR BUSINESS ASSOCIATES
GUIDANCE FOR BUSINESS ASSOCIATES This Guidance fr Business Assciates dcument is intended t verview UPMCs expectatins, as well as t prvide additinal resurces and infrmatin, t UPMC s HIPAA business assciates.
More informationInternet and E-Mail Policy User s Guide
Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin
More informationAvatier Identity Management Suite
Avatier Identity Management Suite AIMS Versin 9 System Requirements Versin 9 2603 Camin Ramn Suite 110 San Ramn, CA 94583 Phne: 800-609-8610 925-217-5170 FAX: 925-217-0853 Email: supprt@avatier.cm Page
More informationMonitor Important Windows Security Events using EventTracker
Mnitr Imprtant Windws Security Events using EventTracker White Paper Publicatin Date: Mar 14, 2014 EventTracker 8815 Centre Park Drive Clumbia MD 21045 www.eventtracker.cm EventTracker: Mnitr Imprtant
More informationDisk Redundancy (RAID)
A Primer fr Business Dvana s Primers fr Business series are a set f shrt papers r guides intended fr business decisin makers, wh feel they are being bmbarded with terms and want t understand a cmplex tpic.
More informationHow To Upgrade A Crptocard To A 6.4 Migratin Tl (Cpl) For A 6Th Generation Of A Crntl (Cypercoder) On A Crperd (Cptl) 6.
BlackShield ID Upgrade and Migratin Guide Fr CRYPTO-Server 6.4 Users Cpyright 2010 CRYPTOCard Inc. website: http://www.cryptcard.cm Trademarks CRYPTOCard and the CRYPTOCard lg are registered trademarks
More informationManaging Access and Help Protect Corporate Email Data on Mobile Devices with Enterprise Mobile Suite
Managing Access and Help Prtect Crprate Email Data n Mbile Devices with Enterprise Mbile Suite Last updated: 7/15/15 Balancing prductivity and security Emplyees want t be able t use their wn devices t
More informationSecurity Services. Service Description Version 1.00. Effective Date: 07/01/2012. Purpose. Overview
Security Services Service Descriptin Versin 1.00 Effective Date: 07/01/2012 Purpse This Enterprise Service Descriptin is applicable t Security Services ffered by the MN.IT Services and described in the
More informationSession 9 : Information Security and Risk
INFORMATION STRATEGY Sessin 9 : Infrmatin Security and Risk Tharaka Tennekn B.Sc (Hns) Cmputing, MBA (PIM - USJ) POST GRADUATE DIPLOMA IN BUSINESS AND FINANCE 2014 Infrmatin Management Framewrk 2 Infrmatin
More informationInformation Services Hosting Arrangements
Infrmatin Services Hsting Arrangements Purpse The purpse f this service is t prvide secure, supprted, and reasnably accessible cmputing envirnments fr departments at DePaul that are in need f server-based
More informationServ-U Distributed Architecture Guide
Serv-U Distributed Architecture Guide Hrizntal Scaling and Applicatin Tiering fr High Availability, Security, and Perfrmance Serv-U Distributed Architecture Guide v15.1.2.0 Page 1 f 20 Intrductin Serv-U
More informationResearch Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013
Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,
More informationInstallation Guide Marshal Reporting Console
INSTALLATION GUIDE Marshal Reprting Cnsle Installatin Guide Marshal Reprting Cnsle March, 2009 Cntents Intrductin 2 Supprted Installatin Types 2 Hardware Prerequisites 3 Sftware Prerequisites 3 Installatin
More informationHEAL-Link Federation Higher Education & Research. Exhibit 2. Technical Specifications & Attribute Specifications
HEAL-Link Federatin Higher Educatin & Research Exhibit 2 Technical Specificatins & Attribute Specificatins Trust Relatinship Trust relatinship amng the federatin, federatin members and federatin partners
More informationUsing PayPal Website Payments Pro with ProductCart
Using PayPal Website Payments Pr with PrductCart Overview... 2 Abut PayPal Website Payments Pr & Express Checkut... 3 What is Website Payments Pr?... 3 Website Payments Pr and Website Payments Standard...
More informationAdobe Sign. Enabling Single Sign-On with SAML Reference Guide
Enabling Single Sign-On with SAML Reference Guide 2016 Adbe Systems Incrprated. All Rights Reserved. Prducts mentined in this dcument, such as the services f identity prviders Micrsft Active Directry Federatin,
More informationExercise 5 Server Configuration, Web and FTP Instructions and preparatory questions Administration of Computer Systems, Fall 2008
Exercise 5 Server Cnfiguratin, Web and FTP Instructins and preparatry questins Administratin f Cmputer Systems, Fall 2008 This dcument is available nline at: http://www.hh.se/te2003 Exercise 5 Server Cnfiguratin,
More informationProcess of Setting up a New Merchant Account
Prcess f Setting up a New Merchant Accunt Table f Cntents PCI DSS... 3 Wh t cntact?... 3 Bakcgrund n PCI... 3 Why cmply?... 3 Hw t cmply?... 3 PCI DSS Scpe... 4 Des PCI DSS Apply t Me?... 4 What if I am
More informationVCU Payment Card Policy
VCU Payment Card Plicy Plicy Type: Administrative Respnsible Office: Treasury Services Initial Plicy Apprved: 12/05/2013 Current Revisin Apprved: 12/05/2013 Plicy Statement and Purpse The purpse f this
More informationThe ADVANTAGE of Cloud Based Computing:
The ADVANTAGE f Clud Based Cmputing: A Web Based Slutin fr: Business wners and managers that perate equipment rental, sales and/r service based rganizatins. R M I Crpratin Business Reprt RMI Crpratin has
More informationCallRex 4.2 Installation Guide
CallRex 4.2 Installatin Guide This dcument describes hw t install CallRex 4.2. It cvers the fllwing: CallRex 4.2 Cmpnents. Server Prerequisites. Perfrming the Installatin. Changing the Accunt Used by CallRex
More informationOnline Learning Portal best practices guide
Online Learning Prtal Best Practices Guide best practices guide This dcument prvides Micrsft Sftware Assurance Benefit Administratrs with best practices fr implementing e-learning thrugh the Micrsft Online
More informationKey Steps for Organizations in Responding to Privacy Breaches
Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins
More informationBlue Link Solutions Terminal Server Configuration How to Install Blue Link Solutions in a Terminal Server Environment
Blue Link Slutins Terminal Server Cnfiguratin Hw t Install Blue Link Slutins in a Terminal Server Envirnment Prepared by: Darren Myher April 9, 2002 Table f Cntents Backgrund... 2 Applicatin Server mde
More information5.2.1 Passwords. Information Technology Policy. Policy. Purpose. Policy Statement. Applicability of this Policy
Infrmatin Technlgy Plicy 5.2.1 Passwrds Plicy Area: 5.2 Security Title: 5.2.1 Passwrds Issued by: Assistant Vice-President/CIO, ITS Date Issued: 2006 July 24 Last Revisin Date: 2011 Octber 19 Apprved by:
More informationImplementing SQL Manage Quick Guide
Implementing SQL Manage Quick Guide The purpse f this dcument is t guide yu thrugh the quick prcess f implementing SQL Manage n SQL Server databases. SQL Manage is a ttal management slutin fr Micrsft SQL
More informationAn Oracle White Paper January 2014. Oracle WebLogic Server on Oracle Database Appliance
An Oracle White Paper January 2014 Oracle WebLgic Server n Oracle Database Appliance Intrductin This white paper describes the architecture and highlights the value prpsitin f Oracle WebLgic Server n Oracle
More informationTable of Contents. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.
Table f Cntents Tp Pricing and Licensing Questins... 2 Why shuld custmers be excited abut Micrsft SQL Server 2012?... 2 What are the mst significant changes t the pricing and licensing fr SQL Server?...
More informationMicrosoft CRM Best Practices Upgrading Supported Microsoft CRM 1.2 Environments to Microsoft CRM 3.0
Micrsft CRM Best Practices Upgrading Supprted Micrsft CRM 1.2 Envirnments t Micrsft CRM 3.0 Published: August 2005 This is a preliminary dcument and may be changed substantially prir t final cmmercial
More informationVersion: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013
Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch
More informationCORE 8 to 9 Data Migration Guide
CORE 8 t 9 Data Migratin Guide i CORE 8 t 9 Data Migratin Guide Cpyright 2009-2015 Vitech Crpratin. All rights reserved. N part f this dcument may be reprduced in any frm, including, but nt limited t,
More informationConnector for Microsoft Dynamics Installation Guide
Micrsft Dynamics Cnnectr fr Micrsft Dynamics Installatin Guide June 2014 Find updates t this dcumentatin at the fllwing lcatin: http://g.micrsft.cm/fwlink/?linkid=235139 Micrsft Dynamics is a line f integrated,
More informationGetting Started Guide
AnswerDash Resurces http://answerdash.cm Cntextual help fr sales and supprt Getting Started Guide AnswerDash is cmmitted t helping yu achieve yur larger business gals. The utlined pre-launch cnsideratins
More informationVMware View Windows XP Optimization
VMware View Windws XP Optimizatin VDI Windws XP Optimizatins Let s g thrugh creating a VM fr VDI use. Remember this VM will be used ver and ver again. It is imprtant t get the image small and ptimized.
More informationSystems Support - Extended
1 General Overview This is a Service Level Agreement ( SLA ) between and the Enterprise Windws Services t dcument: The technlgy services the Enterprise Windws Services prvides t the custmer. The targets
More informationCloud Services MDM. Windows 8 User Guide
Clud Services MDM Windws 8 User Guide 10/24/2014 CONTENTS Overview... 2 Supprted Devices... 2 System Capabilities... 2 Enrllment and Activatin... 3 Prcess Overview... 3 Verify Prerequisites... 3 Dwnlad
More informationAVG AntiVirus Business Edition
AVG AntiVirus Business Editin User Manual Dcument revisin AVG.02 (30.9.2015) C pyright AVG Technlgies C Z, s.r.. All rights reserved. All ther trademarks are the prperty f their respective wners. Cntents
More informationThe Cost Benefits of the Cloud are More About Real Estate Than IT
y The Cst Benefits f the Clud are Mre Abut Real Estate Than IT #$#%&'()*( An Osterman Research Executive Brief Published December 2010 "#$#%&'()*( Osterman Research, Inc. P.O. Bx 1058 Black Diamnd, Washingtn
More informationMCSA: Windows 7 Boot Camp for Desktop Support Technicians
MCSA: Windws 7 Bt Camp fr Desktp Supprt Technicians Prepare fr the Enterprise Desktp Supprt Technician certificatin n Windws 7. Gain the clud-related skills required fr the latest Micrsft certificatins
More informationLumension Connect: Online Customer Community FAQs
Lumensin Cnnect: Online Custmer Cmmunity FAQs Cpyright 2009, Lumensin Lumensin Cnnect: Online Custmer Cmmunity FAQs Table f Cntents Lumensin Cnnect:... 1 Online Custmer Cmmunity FAQs... 1 What is Lumensin
More informationKronoDesk Migration and Integration Guide Inflectra Corporation
/ KrnDesk Migratin and Integratin Guide Inflectra Crpratin Date: September 24th, 2015 0B Intrductin... 1 1B1. Imprting frm Micrsft Excel... 2 6B1.1. Installing the Micrsft Excel Add-In... 2 7B1.1. Cnnecting
More information