Interview with NCR's global manager of ATM security Jim Kirkhope - Information Security Magazine

Interview: Jim Kirkhope of NCR

Securing corporate networks against insider attacks is a difficult challenge to be sure. But how do you prevent such attacks on 1.5 million ATMs worldwide? That's the job of Jim Kirkhope, global manager for ATM network security at NCR, who sees it as an inside-out proposition and one that doesn't necessarily include traditional security software.

JIM KIRKHOPE


There are established ways of locking down desktops and servers. How do you secure a network of ATMs?
With ATMs, the real threats are the insider threats. We have a number of things we do. The majority of the ATMs are Windows-based now. We lock the machines down to the NSA guidelines and use the XP firewall. But, really, you're never going to keep an eye on them all. There are a lot of people out there maintaining ATMs; a lot of people are touching these machines.

What led to your decision not to integrate antivirus on your ATMs any longer?
My feeling: AV was AV was AV. They all did the same thing. When we shipped our machines, we would integrate what the customer wanted. But in the security industry everyone is answering a point problem and my feeling was that no one was tackling the root cause. We found a product that was philosophically aligned with us.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

I prefer securing from the inside out as opposed to building a wall. They're addressing the root cause, which is the ability to run code that wasn't authorized.

How did your customers react when you told them you weren't going to integrate AV into the machines any longer?
The customer reaction in some respects was polarizing; but it was even before we did this. People had their preferences and you could get into religious debates about the finer points of each AV product. But an ATM, though it's a PC in the box, doesn't have the same threat surface. We don't have file sharing. We don't have Word documents, a lot of the things that viruses travel with. Some customers buy into it and some don't. But the truth is you still have to clean up the system before you lock it down anyway.

Do you think that we're going to see enterprises going without AV?
Well, we still run it internally, but it's the bane of my life. We've had discussions about it here. I've always been an advocate of saying, if you have a firewall and your network is protected you can take worms and that sort of thing off the table. Pure AV, it's so resource-intensive. By the time you take out all the things that make it run slowly, it's not worth much.

Download the complete interview with Jim Kirkhope at searchsecurity.com.

 

This was first published in May 2008