Multi-Unit Franchisee Magazine Issue I, 2012 | Page 66

Security

By David Ellis

Counter-Measures

Protecting your customers’ credit card data

There was a time when a hacker needed exceptional computer skills to breach a system. Only the most talented and experienced computer users could successfully bypass even the most minimal security provisions. Sadly, those days are gone. Recent investigations have revealed a disturbing trend: the availability of readily accessible hacking-made-easy tools has swelled the ranks of effective hackers. Now, an amateur with a grade-school computer education can often hack a poorly defended business network in minutes after downloading a free hacking template.

This alarming news should serve as a wake-up call for franchisees to increase their IT security vigilance. Novice hackers everywhere are now standing on the shoulders of computer geniuses, giving them the expertise to hack into systems and steal sensitive information that was previously beyond their reach.

A disturbing trend

Internet criminals already use a wide variety of hacker tools in their efforts to steal your sensitive information. On a recent compromise investigation, our forensic team found a particularly troubling hacker tool. After gaining access to the victim’s network (through insecure remote access) the hacker installed a template that was downloaded from the Internet. This template contained preconfigured applications designed to “walk” the attacker through the steps of hacking the network. The template included features such as dropdown boxes that prompted the user to choose the desired technique to crack passwords, and the method to install a “backdoor” to enable the hacker to easily return to the compromised system at their pleasure. No longer do hackers need to write long strings of complicated code; rather, they simply make their selections as if ordering Chinese food from a menu.

Who uses hacking templates?
Because they lack the technical expertise to write their own hacking code, or scripts, novice hackers (called “Script Kiddies” or “Skiddies”) rely on sophisticated templates that contain pre-made exploit code. Because of the rising availability of these packaged scripts, the number of hackers attempting to illicitly access your network is growing rapidly. Even though these hackers may be amateurs, their success rates are increasingly high, largely because small merchants and franchisees often lack the substantial perimeter defenses to keep them out.

Kiddie protection

Make certain your firewall is doing its job. In addition to filtering inbound system access, it also needs to protect your credit card processing environment from the rest of your network. If you or your employees visit Facebook, order uniforms, or do anything online unrelated to your payment application, your firewall must segment your payment application from all other devices that connect to the Internet. By segmenting (or quarantining) your payment-processing environment, you create a “safe zone” that limits the opportunity for hackers to get to your customer credit card information. Firewalls can tell a