As more technology moves into the restaurant, the role – and security – of the network is only going to move higher up the priority list for IT managers. Between constant changes to the PCI security standard, the growing role for wireless devices, and a move towards virtualization, protecting a network requires constant attention. For best practices on protecting a restaurant network, HT talks to Spartan Computer Services, a consulting and service firm for the restaurant industry with expertise in networking, point-of-sale, and technology integration. Tim O’Connor, professional services sales manager, talks about how to deal with virtualization, wireless networks and Windows 7; plus what to look for in a managed network security provider.
HT: What are some of the more common mistakes restaurants make when it comes to network security?
TO: We often see mistakes take place when new devices are added to a network, yet restaurants neglect to stay current with the requirements of those new devices. As software and devices change, PCI compliance requirements change. For merchants, not knowing is not acceptable. For example, we are helping many of our customers upgrade from their current OS to Windows 7 or newer so they stay PCI complaint.
We also see security gaps in ongoing policy. PCI requires that merchants regularly review logs and change passwords, the latter particularly after an employee leaves. It also states that merchants should perform a wireless check for rogue access points.
On the hardware side, we see issues that cause people to go back to the location to reset equipment; we see them not being able to fail-back to another device; and we see them neglecting to use authentication for internal devices. Plus, wireless networks have their own nuances. For example, we sometimes see restaurants neglecting to set a BYOD policy for the guest or restaurant network, and broadcasting to digital signage on an unsecure network.
HT: You mention that you’re upgrading restaurants to Windows 7. Why is this important to network security?
TO: Microsoft stopped providing updates and technical support for Windows XP on April 8, 2014, so this leaves that system vulnerable to malware and viruses. Merchants should be moving away from XP, but they need to check their software compatibility prior to switching to Windows 7. Drivers can be easily added after the change to support peripheral devises. Spartan Computer Services (SCS) is helping restaurants make the change by providing resources to install additional memory, re-imaging the existing server, or installing a new server onsite.
HT: Preventing malicious attacks is only one part of security. What are some of the lesser-obvious threats that restaurants face?
TO: Restaurants, and all businesses, can see attacks come from many places, and these days we’re hearing about how malware is becoming more common than viruses. What we don’t think about, however, is how these networks can also be negatively affected by normal business operations, in addition to intentional attacks. For example, we’ve seen employees bring down entire networks while trying to help reboot equipment or when simply “cleaning up.” A new business could move in next door, unintentionally broadcast its WiFi into your building, and cause interferences or re-direct your customers to its wireless network. We have also seen cases when a high number of customers log onto the network and stream large amounts of data at one time, grinding the network to a halt.
HT: Restaurants are increasingly looking at virtualization for their systems. How can this impact network security?
TO: Virtualization is a great tool restaurants can use to minimize hardware onsite; however, one of the biggest security concerns in virtualized networks is the lack of visibility between traffic and guest.
There are three major virtualization platform vendors: VMware, Xen/ Cintrix and Microsoft. Regardless of the platform, the restaurant will need to define policies and configuration guidelines, create procedures to implement the policies, and maintain them. Such policies include file permissions, controlling users and user groups, and setting up logging and time synchronization.
We encourage IT managers to read up on the guidelines from the Center for Internet Security (CIS), the National Security Agency's National Cyber Assistance Program, and the resources provided by the Defense Information Systems Agency. Most of the well-known platforms will allow you to secure communications using SSH, SSL, and IPSec and we would suggest one or more should be enabled.
HT: Wireless networking is becoming increasingly valuable to restaurant operations. What are some security considerations that are specific to a wireless network?
TO: Wireless security is talked about more than wired security, but many people overlook some common considerations. When you set up a wireless network you will need to decide what type of wireless you’ll use and the speed it runs at. Many of our customers are deploying AC while some that use handhelds in their operations are staying with N wireless radio.
After the type of network is decided, you will need to decide if it is only for internal employee use or you’ll extend wireless for guest use. If the answer is “both,” you will want to make sure the networks are segmented. Restaurants should also set polices for BYOD users and internal users, such as bandwidth and time limits, number of users, and website restrictions. Make sure you write up an SOP on changing passwords for the guest network, when employees leave, and on a scheduled basis for internal networks. It is suggested that the restaurant also perform a check for rogue AP’s on a regular basis.
HT: Can you share some thoughts on working with a managed security services provider (MSSP)? How might a restaurant determine if this is the right approach for them?
TO: Managed security service companies are all different but have similar philosophies. We suggest a restaurant thoroughly reviews the options and level of support for each device; as many of them do not include the wireless component. The MSSP should work with a restaurant’s IT staff to support and educate them on the network security environment and mandates. A good managed security services company can help reduce networking cost, easily add VPN and VLANs, review logs, perform vulnerability scanning and, most importantly, help with ever-changing PCI requirements. Finally, make sure they are prepared to support you in the event you are breached.