?
Solved

Hardening guide / standard used on ATM machines

Posted on 2016-07-17
4
Medium Priority
?
519 Views
Last Modified: 2016-07-19
Q1:
Anyone can point me to such a standard / guide?
In particular those used by Wincor Nixdorf or IBM or NCR (anyone of them).

Q2:
Are these ATMs running on custom Linux or custom Windows or proprietary OS mostly?
0
Comment
Question by:sunhux
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 49

Accepted Solution

by:
dbrunton earned 840 total points
ID: 41715878
0
 
LVL 7

Assisted Solution

by:Maidine Fouad
Maidine Fouad earned 800 total points
ID: 41715923
Europol  has a general hardening guide for all ATM'S , check the page 7 of this document for what to do (its a 10 page document) :

http://www.ncr.com/wp-content/uploads/EuroPol_Guidance-Recommendations-ATM-logical-attacks.pdf


Anti skimming solutions for ATM :

http://ec.europa.eu/internal_market/fpeg/docs/annex2_askimmingdevices.pdf

This is gold : the atmia association has a file on "ATM Software Security Best Practices Guide Version 3"  :
https://www.atmia.com/files/Best%20Practices/ATMIA%20Best%20Practices%20v3.pdf

their website has a lot of usefull whitepapers as well

For your second question :

Most of the old text based ATM's used IBM's OS/2, then some migrated to nt/XP after then end of service of xp some updated to 7 , others to linux , others kept xp .

You can read more on that and the statistics for some users at the atmia association website
0
 
LVL 7

Assisted Solution

by:Maidine Fouad
Maidine Fouad earned 800 total points
ID: 41715926
+ you need to search for manuals of specific models , this is too general to link , + i think you would need to register on the web sites of the manufacturers of the atm
0
 
LVL 12

Assisted Solution

by:DarinTCH
DarinTCH earned 360 total points
ID: 41716283
So there are physical hardening parameters that are machine / hardware specific as mentions

Otherwise it is the OS - yes still Windows XP

So check some of the standards rods like NIST

http://csrc.nist.gov/itsec/SP800-68r1.pdf
And older link from infosec
http://infosecawareness.in/sysadmin/windows-xp-hardening

And links to discussions here
https://www.experts-exchange.com/questions/23263787/XP-OS-Hardening.html
0

Featured Post

WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Cyber News Rundown brings you the latest happenings in cyber news weekly. Who am I? I’m Connor Madsen, a Webroot Threat Research Analyst, and a guy with a passion for all things security. Any more questions? Just ask.
Let's recap what we learned from yesterday's Skyport Systems webinar.
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question