A Journey to Protect Points of Sale (POS)

Post on 15-Jan-2015


Transcript of A Journey to Protect Points of Sale (POS)

A Journey To Protect Points Of Sale

Nir Valtman, CISSP: www.valtman.org | @ValtmaNir

Introduction

Photo by Bill Fraser

I'm an architect

Zombies!!!

Defacement

AntiDef

OPEN SOURCE

Memory Scraper

Secure TDD

Why Are Points Of Sale Targeted?

Deployment

Payment Application IS NOT Point Of Sale

POS Payment Processing

[Diagram: Store: PA Client (RAM, DB), PA Server (RAM, DB); Payment Processor's Data Center: Host]

Where Are My Credit Cards?

Rest / Transit / Memory

[Diagram: Mobile App, Presentation Server, Application & Payment Server, Payment Processor's Data Center; variant with Token Server holding the Credit Cards]

Retail Environment Assumptions

100% PCI Compliant

Not vulnerable

Cashier ≠ hacker

Big Brother

RATs (Remote Administration Tools)

Routing

Threats

READ / WRITE

I AM BOB

ME TOO

Payment Stages: Authorization

[Diagram: POI, PA, Gateway, Processor, Acquirer, Issuer; labels: Transmit Track1/2, Route Track1/2, Transmit Track1/2]

Difficult Exploitation

��

Payment Stages: Settlement

[Diagram: PA Server, Gateway, Processor, Acquirer, Issuer; labels: Store & Send PANs, Transmit Settlement, Credit Merchant's Account]

Difficult Exploitation

Memory Scraping

Demo

Offline VS Online
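The demo itself is not reproduced on the page. As an added example (not the speaker's code), the following Python shows the core of what a RAM scraper does, and what an analyst does in reverse over a memory dump: search a buffer for ISO 7813 track 1 / track 2 formatted data and keep only hits whose PAN passes the Luhn check, so that random digit runs are discarded. The buffer, the public test PANs in it and the function names are constructed for this example.

```python
"""Carve ISO 7813 track 1 / track 2 data out of a memory buffer.

Added example, not the speaker's code. SAMPLE_MEMORY is constructed from
public test PANs (4111..., 5555...) plus a Luhn-invalid decoy; all names
here are this example's own.
"""
import re

# Track 2: ;<PAN 13-19 digits>=<YYMM><service code 3 digits><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Track 1 format B: %B<PAN>^<name 2-26 chars>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")

SAMPLE_MEMORY = (  # constructed: what a PA client's heap might hold mid-transaction
    b"\x00" * 16
    + b"POST /pa/auth HTTP/1.1\r\nHost: pa-server.store.local\r\n\r\n"
    + b";4111111111111111=25121011234567890?"           # track 2, Luhn-valid
    + b"\x00" * 8
    + b"%B5555555555554444^DOE/JOHN^2512101000000000?"  # track 1, Luhn-valid
    + b"\x00" * 8
    + b";4111111111111112=2512101?"                     # decoy: fails Luhn
    + b"\xff" * 16
)


def luhn_ok(pan: str) -> bool:
    """ISO/IEC 7812 Luhn check-digit validation."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first 6 and last 4 digits (the PCI DSS display rule)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_tracks(buf: bytes) -> list[dict]:
    """Return Luhn-validated track hits in buffer order, with PANs masked."""
    hits = []
    for track, rx in ((2, TRACK2_RE), (1, TRACK1_RE)):
        for m in rx.finditer(buf):
            pan = m.group(1).decode()
            if not luhn_ok(pan):
                continue        # a digit run that only looks like a card
            expiry = m.group(2 if track == 2 else 3).decode()
            hits.append({"track": track, "offset": m.start(),
                         "pan": mask_pan(pan), "expiry": expiry})
    return sorted(hits, key=lambda h: h["offset"])


if __name__ == "__main__":
    for h in scan_tracks(SAMPLE_MEMORY):
        print(f"track {h['track']} @ {h['offset']:#06x}: {h['pan']} exp {h['expiry']}")
```

The point the example makes is the one the talk makes: the data sits in cleartext in process memory between swipe and transmission, and finding it needs nothing more than a regular expression over the right process's pages. The Luhn filter is what separates a usable scraper (or a usable forensic carver) from a tool drowning in false positives.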

Bypassed Solutions

SecureString Class

Demo

Next Next Next Next Next Generation Firewall

ANTI

Whitelist

MD5 / SHA256

Correct Solutions

Cyber Intelligence

"I have access to POS terminals in the US, what is the best malware I should use?"

"You need to infect the firmware of the terminal. By doing that, you can get full track 1 & 2, but the PIN will be hashed."

Selling malicious firmware for Verifone's POS terminals. Leaks dumps + PINs through GPRS. Price: Only …

Business Development Offer: Owner of a fake POS sells his terminal. Price: …% from revenue sharing.

RFI: Change terminal configuration to require PIN for all cards. Cause: Gets only 1/2 data, but wants PINs. Proposed Solution: Thermal Imager

Sandbox

Network-based Anomaly Detection

Operating System Anomaly Detection

Runtime Obfuscation
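As an added example that is not from the talk, here is the kind of network-based anomaly detection the slide names, in Python: learn which (destination, port) pairs the POS VLAN normally talks to and how much it sends, then flag flows to a never-seen destination and volume spikes towards a known one. The subnet, the flow records and the function names are constructed assumptions.

```python
"""Baseline-and-deviate detection for a POS store network.

Added example, not from the talk. The VLAN, the flow records and the
function names are constructed assumptions for illustration.
"""
import ipaddress
from collections import defaultdict
from statistics import median

POS_VLAN = ipaddress.ip_network("10.10.1.0/24")   # assumed terminal subnet

# Constructed learning window: (src, dst, dst_port, bytes_out).
# Terminals normally talk only to the PA server (443) and the store DNS (53).
BASELINE_FLOWS = [
    ("10.10.1.11", "10.10.0.5", 443, 4200),
    ("10.10.1.12", "10.10.0.5", 443, 3900),
    ("10.10.1.13", "10.10.0.5", 443, 4500),
    ("10.10.1.11", "10.10.0.2", 53, 120),
    ("10.10.1.12", "10.10.0.2", 53, 110),
    ("10.10.1.13", "10.10.0.2", 53, 130),
    ("10.10.0.5", "198.51.100.20", 443, 80000),   # PA server -> processor, not a terminal
]

# Constructed detection window: one normal flow, one exfil to an unseen host
# over 443, one volume spike towards the legitimate PA server.
NEW_FLOWS = [
    ("10.10.1.11", "10.10.0.5", 443, 4100),
    ("10.10.1.12", "203.0.113.7", 443, 2_300_000),
    ("10.10.1.13", "10.10.0.5", 443, 950_000),
]


def learn_baseline(flows):
    """Map (dst, port) -> list of bytes_out values seen from the POS VLAN."""
    baseline = defaultdict(list)
    for src, dst, port, nbytes in flows:
        if ipaddress.ip_address(src) in POS_VLAN:
            baseline[(dst, port)].append(nbytes)
    return baseline


def detect(flows, baseline, spike_factor=10):
    """Alert on unseen destinations and on volume far above the baseline median."""
    alerts = []
    for src, dst, port, nbytes in flows:
        if ipaddress.ip_address(src) not in POS_VLAN:
            continue                      # only terminal egress is scored here
        key = (dst, port)
        if key not in baseline:
            alerts.append(("new_destination", src, dst, port, nbytes))
        elif nbytes > spike_factor * median(baseline[key]):
            alerts.append(("volume_spike", src, dst, port, nbytes))
    return alerts


if __name__ == "__main__":
    for kind, src, dst, port, nbytes in detect(NEW_FLOWS, learn_baseline(BASELINE_FLOWS)):
        print(f"{kind}: {src} -> {dst}:{port} ({nbytes} bytes)")
```

Terminals are a good fit for this approach because their traffic profile is tiny and fixed, so even TLS on port 443 to a host the VLAN has never spoken to stands out. The obvious caveat is the learning window: if it already contains an infected period, the exfiltration destination becomes part of the baseline, so the learned pairs should be reviewed against the store's known PA server and DNS addresses before they are trusted.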

Not only products required

Performance vs. Security

Assembly Signing

Assembly Obfuscation

PROCESS ISOLATION

What Next

What Would You Steal?

BIP BIP

Memory Scraping

Cashier = hacker

Summary

Memory Scraping

Security by Obscurity

Simple Exploitation

Hard to Protect

You're Insured

Nir Valtman: www.valtman.org | @ValtmaNir