
OS Security updates for FOH POS Terminals (PCI/DSS)

Status
Not open for further replies.

TobeThor

MIS
Jan 24, 2005
393
US
Our clients are receiving letters from their POS distributors re: XP expiring (updating their OS) and I have questions re: such.

1. Is it a PCI/DSS rule that FOH POS Terminals must perform regular security updates? If yes, since our clients have done their best to prevent internet access from the FOH POS, how exactly do they allow the FOH POS to get security updates without opening some door that is supposed to be closed per PCI/DSS specs? Is there a way to have the BOH PC (Win 7 OS) download the updates and distribute them to the FOH POS without human intervention?

 
PCI DSS says that all patches must be applied and that any device that has a full OS must run A/V which also must be updated regularly. Obviously to do that you need to have internet access. Just because a PC doesn't have internet access doesn't mean it cannot be breached.
I believe if the device is a thin client you do not have to have A/V and the OS is not a full blown OS. Windows CE for example.
Stay away from Android devices, PCI has not approved any as far as I know.

There are A/Vs that can update from a local server instead of the internet, not sure on OS updates. Your customers should have commercial firewalls in place.
 
Thank you. I was unaware that the FOH POS Terminals (if using full-blown OSes) must have AV loaded as well. Where can I see that in writing? Are POS Ready 2009 & POS Ready 7 considered full-blown OSes? It's my understanding they are of the embedded class of OSes. If they are not full-blown OSes, I'd like to share that specific information with my clients as it seems that would eliminate the need for AV programs.
Are you also stating that an embedded OS (not full blown) does not require regular OS updates as well?

Please define a "commercial" firewall. My clients have a mix of D-Link, Linksys, Netgear and SonicWall. What makes a firewall commercial vs. home use?

Thank you in advance for providing this valuable information to me and this forum.
 
POS Ready 2009 and 7 are both full-blown OSes and should have A/V. They call them embedded, but I would consider them just stripped-down versions of XP and 7. I would suggest consulting with a QSA if you have questions; I am not qualified to answer.

When I said Commercial Firewall, I meant like a SonicWall and it should have subscriptions to the A/V and intrusion protection.

 