The network is a critical element for two or more computers to operate. All devices communicate via the network. The nature of handheld devices requires wireless communication. Network security in a wireless environment should be of the utmost importance. Every effort should be made not only to protect data being transported over the network but also to protect sensitive data stored on the fileserver. Network integrity and data security are not optional: PCI-DSS Guidelines require them. To achieve this, careful consideration must be given to port, firewall, antivirus, and hardware configuration to help prevent a security breach. The following sections covering Routers, Wireless Access Points, and System Security offer general guidelines and hints to be considered when configuring your network for the RM Handheld. More specific guidelines on PCI Compliance can be found in the document: PCI Guidance for Restaurant Manager.
Note: Make sure all firmware is up to date.
Standard PCI Guidelines should be followed when setting up a router for the network. You may wish to consider limiting internet access for the iPad devices used by customers when configuring the router.
More information on PCI Compliance can be found in the document: PCI Guidance for Restaurant Manager.
The Wireless Access Points (WAPs) provide the link between the iPad and the hardwired network. As such, they are a critical link in the system, and it is very important that you carefully determine the best location for the Access Points so that you maximize the signal strength over the whole operating area.
A site survey will be useful to determine whether existing equipment can be used or if new equipment will be needed including possible wiring requirements (i.e. access points). Use the following suggestions when doing a site survey:
Typically the specifications for the 802.11n wireless access points claim a maximum line of sight range of about 180 meters (approx. 600 feet) at the maximum baud rate of 11Mbits. In environments with many obstructions (walls, ceilings, etc.) the range goes down to 25 meters (80 feet). We recommend you cut these ranges by 2/3 when planning your installation, to take into account the added attenuation that occurs when the iPads are encased, as well as the reduced range when the place is packed with people. As a rule of thumb, use 100 meters as a maximum range. Additional AP units may be needed if walls are WiFi opaque.
During the on-site survey, identify suitable locations for the Access Points, taking into consideration coverage (maximum range), security (the access point must be out of normal reach of employees and customers), and connection considerations (the access point requires power and network connections). The access point should be as high as possible so as to maximize line of sight with the handhelds. The best place for an access point is on the ceiling, towards the center of the space being covered.
Following is a list of RF sources that could cause interference.
Microwave ovens: Placing your access point near a microwave oven that is in use may cause interference (when using 2.4 GHz).
Direct Satellite Service (DSS) RF leakage: The coax cable that comes with certain types of satellite dishes may cause interference. Obtain newer cables if you suspect RF leakage.
Certain electrical devices such as power lines, electrical railroad tracks, and power stations.
2.4 GHz phones: Cordless telephones that operate in this range may cause interference. There are also other devices that operate in the 2.4 GHz range that could cause interference. Change the channel used by the access points if you suspect interference from this source.
Metal objects: If possible, move metal objects or change the placement of the Access Points so the path between Access Points and the handhelds is free from metal objects that may cause interference.
While on site, determine the best channel to use when setting up the access point. Use smartphone or Apple applications to determine which channel will be best suited for the site. Applications worthy of consideration are:
iPhone or iPod Touch: WiFi Analyzer
Android: Meraki WiFi Stumbler
In addition, both applications can be useful to determine the placement or number of Access points needed.
Due to the wireless nature of the connections from the RMKiosks to the local area network it is extremely important that the security features of the operating system be implemented to avoid unauthorized access to the network. It is important to understand that the primary security risk in a restaurant environment is NOT people tapping into the wireless communication itself (after all, who’s going to be interested in food orders going to the kitchen), but people gaining access or, even worse, control of the system.
Only authorized users with assigned passwords should have access to the system. Open systems that do not use user names and passwords are extremely vulnerable in a wireless environment.
RMKiosk uses a specialized SOAP server to handle communications between RMKiosk and the rmserver. However, it is important that standard internet security be implemented.
We strongly recommend you configure WPA2 security for the wireless network. If you are processing credit cards, PCI prohibits WEP and WPA security. Refer to your Access Point equipment’s documentation for instructions on how to do this. All access points and iPads running RMKiosk must be configured with identical WPA2 settings.
Many access points can be programmed with a list of the MAC addresses allowed to connect to the network. (A MAC address is a unique, universal number assigned to every network card.) Although this requires additional setup and maintenance, it greatly reduces the possibility of an out-of-network wireless computer tapping into the system. If using the SMC access point, the MAC filter setup is under the Command menu option of the AP Manager. Please consult the Access Point’s user guide for specific instructions on MAC address filtering.
Important
PCI DSS 11. states that the site must "Test for the presence of wireless access points and detect unauthorized wireless access points on a quarterly basis."
11.1.a - Verify that the entity has a documented process to detect and identify wireless access points on a quarterly basis.
11.1.b - Verify that the methodology is adequate to detect and identify any unauthorized wireless access points, including at least the following:
WLAN cards inserted into system components
Portable wireless devices connected to system components (for example, by USB, etc.)
Wireless devices attached to a network port or network device
11.1.c - Verify that the documented process to identify unauthorized wireless access points is performed at least quarterly for all system components and facilities.
11.1.d - If automated monitoring is utilized (for example, wireless IDS/IPS, NAC, etc.), verify the configuration will generate alerts to personnel.
11.1.e - Verify the organization’s incident response plan (Requirement 12.9) includes a response in the event unauthorized wireless devices are detected.
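One way to support the quarterly wireless check and the WPA2 requirement described above is to compare a site survey export against the inventory of approved access points. This is an added example, not part of the Restaurant Manager documentation; the SSID, MAC addresses, CSV layout and the -70 dBm "on premises" threshold are all assumptions made for illustration.

```python
import csv
import io

# Constructed inventory of the site's approved access points (BSSID -> location).
AUTHORIZED_APS = {
    "00:11:22:33:44:01": "dining-room ceiling AP",
    "00:11:22:33:44:02": "patio AP",
}
SITE_SSID = "RM-HANDHELD"      # hypothetical SSID used by the RMKiosk iPads
ALLOWED_SECURITY = {"WPA2"}    # per the page, PCI prohibits WEP and WPA

# Constructed sample survey export: bssid,ssid,channel,security,signal_dbm
SAMPLE_SCAN = """\
bssid,ssid,channel,security,signal_dbm
00:11:22:33:44:01,RM-HANDHELD,1,WPA2,-48
00:11:22:33:44:02,RM-HANDHELD,6,WPA,-55
66:77:88:99:AA:BB,RM-HANDHELD,6,WPA2,-60
66:77:88:99:AA:CC,linksys,11,OPEN,-42
DE-AD-BE-EF-00-01,CoffeeShopNextDoor,11,WPA2,-85
"""

def normalize_mac(mac):
    """Upper-case, colon-separated form so inventory and scan compare equal."""
    digits = "".join(c for c in mac if c.isalnum()).upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit_scan(scan_csv, near_dbm=-70):
    """Return (bssid, finding) tuples for the quarterly wireless review."""
    known = {normalize_mac(m) for m in AUTHORIZED_APS}
    findings = []
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = normalize_mac(row["bssid"])
        if bssid in known:
            if row["security"].upper() not in ALLOWED_SECURITY:
                findings.append((bssid, "authorized AP not using WPA2"))
        elif row["ssid"] == SITE_SSID:
            findings.append((bssid, "unlisted AP broadcasting the site SSID"))
        elif int(row["signal_dbm"]) >= near_dbm:
            findings.append((bssid, "unlisted AP with on-premises signal strength"))
        # Weak, unlisted networks with a different SSID are treated as neighbours.
    return findings

if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}  {finding}")
```

A radio scan only covers access points that are transmitting during the survey; the items listed under 11.1.b (WLAN cards, USB wireless devices, devices on a network port) still need a physical and switch-port inspection.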