this post was submitted on 19 Jul 2024
178 points (98.4% liked)

Asklemmy

43984 readers
738 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] biscuitswalrus@aussie.zone 2 points 4 months ago

A software shouldn't use passwords for tls, just like before you use submit your bank password your network connection to the site has been validated and encrypted by the public key your client is using to talk to the bank server, and the bank private key to decrypt it.

The rest of the hygiene is still up for grabs for sure, IT security is built on layers. Even if one is broken it shouldn't lead to a failure overall. If it does, go add more layers.

To answer about something like a WiFi pineapple: those man in the middle attacks are thwarted by TLS. The moment an invalid certificate is offered, since the man in the middle should and can not know the private key (something that isn't used as whimsically as a password, and is validated by a trusted root authority).

If an attacker has a private key, your systems already have failed. You should immediately revoke it. You publish your revokation. Invalidating it. But even that would be egregious. You've already let someone into the vault, they already have the crown jewels. The POS system doesn't even need to be accessed.

So no matter what, the WiFi is irrelevant in a setup.

Being suspicious because of it though, I could understand. It's not a smoking gun, but you'd maybe look deeper out if suspicion.

Note I'm not security operations, I'm solutions and systems administrations. A Sec Ops would probably agree more with you than I do.

I consider things from a Swiss cheese model, and rely on 4+ layers of protection against most understood threat vendors. A failure of any one is minor non-compliance in my mind, a deep priority 3. Into the queue, but there's no rush. And given a public WiFi is basically the same as a compromised WiFi, or a 5g carrier network, a POS solution should be built with strengths to handle that by default. And then security layered on top (mfa, conditional access policies, PKI/TLS, Mdm, endpoint health policies, TPM and validation++++)