TPSecure: Unattended Device
SafenSoft TPSecure delivers ATM security and protection for POS systems, kiosks and other self-contained, self-service devices against unauthorized data access and software changes by service personnel or hackers. TPSecure maintains the system in a known-good state by controlling unauthorized launch attempts and the activity of all processes in the system.
Overview
The SafenSoft approach to ATM and kiosk security has its roots in digital rights management, where the goal is to preserve the integrity of the system rather than try to identify every malicious action attempted on the ATM or kiosk. The technology behind this process, VIPO (Valid Inside Permitted Operations), is a unique and highly effective architecture that efficiently monitors and processes all system activity for unexpected and/or unauthorized activities without needing hands-on attention.
TPSecure delivers three levels of kiosk and ATM security:
- Only authorized applications are permitted to be launched
- A secure environment in which potentially vulnerable applications can be executed
- Control over the activities any application is permitted to perform, by whom, and with the use of what devices
TPSecure preserves kiosk and ATM security through device integrity, with minimal impact on maintenance tasks and maximum flexibility. The system can be locked down completely, or applications can be executed in a secure environment, or individual or group policies can be applied that enable applications to be used for predetermined purposes and/or in predetermined circumstances only.
TPSecure prevents vulnerabilities from being exploited by using application consistency checks and launching potentially vulnerable applications in a secure environment with limited privileges. This also means that patching no longer needs to be a real-time activity; all new OS or application patches can be tested before being applied, or avoided altogether, without introducing security risks.
For these reasons, TPSecure is the ideal ATM security solution to protect these and other unattended, self-service devices with low bandwidth, especially in situations where regular patching and updates are not possible.
Integration with existing ATM security and automated processing systems and other specialized applications
TPSecure can be customized to seamlessly provide protection for ATM and kiosk automatic processing applications and other specialized, high-risk applications:
- Application consistency control. Control over program code changes ensures that applications cannot be launched if the executable code has been modified.
- Application executable code protection. Executable modules are protected against modification by other applications.
- Application data protection. Read/write access to application data files and registry keys related to all other applications can be disabled.
Why SafenSoft TPSecure: Unattended Device?
| Feature | Description |
| --- | --- |
| Dynamic Integrity Control | Protects all executable software on the system by detecting any unauthorized activation attempt and preventing the process from launching before damage can occur. |
| Dynamic Sandbox | A specially designated user account for potentially vulnerable software provides system-level privilege controls to block dangerous software activity. |
| Dynamic Resource Control | Controls how different applications can access files and folders, registry keys, external devices, and network resources. User-driven rules can be created to control application activity. |
| Flexible installation | Can be deployed using push, standard, or silent installation mode; configuration settings can also be cloned from a standard device. |
| Conditional remote control | Client remote control can be disabled to permit disconnected devices or devices with low-bandwidth connections to work without central management. |
| Access to external devices | Granular control over access to and use of external USB storage, CDs/DVDs, COM and LPT ports, autorun control and the ability to set exclusions by device type, name, vendor and ID. Protected CDs/DVDs are recognized and accepted while all others are blocked. |
| Background monitoring and logging of all system events | Shadow mode provides constant device monitoring that cannot be detected or removed by service personnel. All data copy activities, including copying to removable media such as skimmers, are monitored in shadow mode and alerts are sent to the management console. A forensic "camera" views and records the device screen continuously to capture accidental or malicious insider activities. |
| Self defense system | TPSecure processes cannot be stopped or killed, even with high-level administrative rights. Additionally, the client regularly sends heartbeat status reports to the management console. |
| Easy integration into existing IT infrastructure | Microsoft SCCM, IBM Tivoli, HP OpenView or other system management software can be used to manage TPSecure configuration centrally. |
| Meet PCI DSS compliance requirements | TPSecure helps organizations meet PCI DSS compliance and reduce the risk of financial fraud. |
| Multiple delivery options | TPSecure can be delivered in various ways, providing flexible integration and deployment capabilities. These include: standard components and settings, custom components and settings based on customer requirements, binary libraries (SDK), or even source code.* |

* Subject to individual contract negotiations