this post was submitted on 19 Jul 2024
174 points (98.3% liked)
Asklemmy
43896 readers
911 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Coffee shop open WiFi on the same network as the main retail central point of sale system server for several stores.
Transport layer security should mean this shouldn't matter. A good POS shouldn't rely on a secure network, the security should already be built in cyptographically at the network session layer. Anything else would still have the same risk vector, just a lower chance of happening.
In fact many POS systems happily just take a 4g/5g sim card because it doesn't matter what network they're on.
Non IT guy here.
Not all attackers might want access to the POS system. Some might just want to mess around
Couldn't someone mess with the WiFi or network itself? I'm just figuring someone who doesn't secure the WiFi is someone who's going to leave admin passwords on the default and they'd be able to mess with the network settings just enough to bring the system to a halt.
Never trust the network in any circumstance. If you start from that basis then life becomes easier.
Google has a good approach to this: https://cloud.google.com/beyondcorp
EDIT:
I'd like to add a tangential rant about companies still using shit like IP AllowLists and VPNs. They're just implementing eggshell security.