Projects:Secure Web POS Operation
Introduction
Functionality to restrict access to the locally stored Web POS data and to the actions a user can execute in the browser.
- Leader: David Souto
- Guide : Stefan Huehner
It is achieved by two means:
- Running Web POS in the Chrome browser in Kiosk Mode, which prevents the user from reaching some sensitive browser menus such as "Cleaning Cache".
- Using the third-party "Checker" software, which creates a jailed environment on the PC (as in Internet cafes) so that users can perform only the few actions allowed to them.
Documentation
Chrome Kiosk Mode. How to:
To prevent access to the Chrome/Chromium menu, run the browser in kiosk mode. To do that, start the chrome process with the --kiosk option:
"%localappdata%\Google\Chrome\Application\chrome.exe" --kiosk "DEFAULT URL"
This example (Windows 7) opens a full-screen Chrome session on the URL you define and prevents the user from navigating to other URLs. To run two sessions, the second process must be launched with its own temporary data directory, passed with --user-data-dir:
"%localappdata%\Google\Chrome\Application\chrome.exe" --user-data-dir="%TEMP%\webpos-kiosk-%RANDOM%" --kiosk "DEFAULT URL"
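The two launch commands above combined into one launcher, as an added example that is not part of the original page or of the project: a PowerShell script that starts each kiosk session with its own profile directory. The URL is a constructed placeholder for "DEFAULT URL", and the parameter and directory names are illustrative assumptions.

```powershell
# Added example: start N Web POS kiosk sessions, each with its own Chrome profile.
param(
    [string]$PosUrl = 'https://pos.example.invalid/',   # constructed placeholder for "DEFAULT URL"
    [ValidateRange(1, 8)][int]$Sessions = 2             # illustrative upper bound
)

# Per-user Chrome install path, as used in the commands on this page.
$chrome = Join-Path $env:LOCALAPPDATA 'Google\Chrome\Application\chrome.exe'
if (-not (Test-Path -LiteralPath $chrome -PathType Leaf)) {
    throw "Chrome not found at $chrome"
}

# Accept only an absolute http(s) URL, so a typo cannot open a local file
# or another URL scheme inside the kiosk window.
$uri = $null
$parsed = [Uri]::TryCreate($PosUrl, [UriKind]::Absolute, [ref]$uri)
if (-not $parsed -or ('http', 'https' -notcontains $uri.Scheme)) {
    throw "Not an absolute http(s) URL: $PosUrl"
}

$started = foreach ($i in 1..$Sessions) {
    # A unique profile directory per session; sessions that share a
    # user data directory are not independent of each other.
    $name = 'webpos-kiosk-{0}-{1}' -f $i, [Guid]::NewGuid().ToString('N')
    $profileDir = Join-Path $env:TEMP $name
    New-Item -ItemType Directory -Path $profileDir | Out-Null

    # Embedded quotes keep paths and URLs with spaces as single arguments.
    $chromeArgs = @(
        "--user-data-dir=`"$profileDir`"",
        '--kiosk',
        "`"$($uri.AbsoluteUri)`""
    )
    $proc = Start-Process -FilePath $chrome -ArgumentList $chromeArgs -PassThru

    New-Object PSObject -Property @{
        Session    = $i
        ProcessId  = $proc.Id
        ProfileDir = $profileDir
    }
}

# Report which process and profile directory belong to each session.
$started | Format-Table Session, ProcessId, ProfileDir -AutoSize
```

Each profile directory starts empty and then holds that session's cache and local browser storage, so it needs the same access restrictions as the default Chrome profile.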
Checker Gateway and Server
Checker is a security application designed for financial self-service networks. It allows you to provide a highly secure environment in automated teller machines and can be managed simply from a centralized location. Checker provides an administration web interface that allows you to perform all of the tasks needed to administer security and monitor the events occurring in the ATMs.
In order to correctly install Checker, you must install the essential components:
- Checker Server: this component is in charge of centralizing the administration of the Checker environment. It must be installed in a highly available environment with access to the ATM network.
- Checker Gateway: this component is in charge of connecting all Checker Agents with the server. It’s a communication middleware.
- Database: the relational data model needed for Checker Server to work.
- Checker Agent: the application in charge of protecting the ATM which must be installed in each ATM to be protected.
Checker Server is a Java application and must be executed in the context of a J2EE application server. It also requires an Oracle 9i/10g/11g, DB2 UDB 8/9, SQL Server 2005/2008 or MySQL 5 database. This installation guide offers detailed instructions on how to create the data model in Oracle and DB2. Checker Agent is a Windows application, which means that the operating system installed in the ATM must be Windows XP or Windows NT 4.
PREREQUISITES
For Checker Server:
- Operating system: any, as long as it meets the following requirements.
- Database server: Oracle 9i/Oracle 10g/Oracle 11g/DB2 UDB 8/DB2 UDB 9.5/SQL Server 2005/SQL Server 2008/MySQL 5.
- Application server: IBM WebSphere Application Server Network Deployment 8.5.5/Oracle Weblogic 11g (10.3.X)/JBoss AS 6.1.
- Java software development kit JSDK 1.5 or higher. If the chosen application server is JBoss, JSDK 1.6 or higher is required.
- X11, Xorg or Xvfb (virtual) type graphics server.
- Console access by Internet Explorer 9. Other browsers like Google Chrome or Firefox are not fully supported but they will provide better performance when accessing some screens.
- Hard disk space: 500 MB of free space.
- Database connectivity.
For the Gateway:
- Operating system: any, as long as it meets the following requirements.
- Oracle’s Java Development Kit: JSDK 1.6u45
- Hard disk space: 200 MB of free space.
- Database connectivity.
For Checker Agent, the ATM requirements are:
- Microsoft Windows 7, Windows XP (Service Packs 1, 2, 3) or Windows NT 4 Service Pack 6
- Linux (kernels between 2.6 and 3.8.8). The kernel compilation parameter file will be needed, as well as the version of some installed libraries, to create an ad-hoc compilation of the agent.
- Hard disk space: 35 MB of free space.
- RAM: Checker Agent consumes between 3-6 MB of memory.
- Checker Gateway connectivity.