We are using a LAN-based POS (point-of-sale) system with an SSL feature on our network. How can we securely connect...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
remote point-of-sale devices to our network?
Provided you have your devices configured to use strong encryption to protect the SSL traffic (AES 256-bit encryption is a great choice), you probably don't need anything else to ensure the confidentiality of transaction data. That is assuming, of course, that you've already applied other security best practices to both the local and remote networks and use firewalls, antivirus software and other standard controls.
That said, I'm never comfortable relying upon a single control. You'd probably sleep better at night if you had the added benefits of a virtual private network (VPN). If both ends of the connection are already protected by hardware firewalls, it's likely that you can configure a VPN tunnel between the two sites using the equipment you already have. If you're not already using firewalls, go get them! There's no excuse for not having this basic security control.
One other word of caution: If you process credit card transactions on these devices, you'll also need to comply with the Payment Card Industry Data Security Standard (PCI DSS). This is no trivial undertaking, and you may wish to consult the PCI DSS materials elsewhere on this site.
For more information
Get more information on the top LAN security issues in a client-server network environment.
Learn how to implement PCI network segmentation in this expert response.
Related Q&A from Mike Chapple
Web application firewalls may be a way to better security, but organizations need to be aware of the compliance implications of WAFs.continue reading
An SEC report shows over three-quarters of financial institutions were subject to at least one cybersecurity attack. Expert Mike Chapple looks at ...continue reading
The Data Accountability and Trust Act is likely to become a law this year. Expert Mike Chapple advises organizations on how to prepare.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.