Securing consignment systems involves more than just installing free antivirus software and hoping all goes well. Antivirus alone isn’t enough when it comes to securing or ‘hardening’ a consignment system. For this first and most basic layer of protection, we recommend ESET Nod32 Antivirus.
Don’t just download and install Nod32 and think all is well, oh no. Please take the time to configure ESET: log all objects, store logs for 365 days, enable the appropriate modules, and password-protect the settings.
You can’t stop at just antivirus.
The user you log in to Windows as should not be an Administrator. Configure a restricted account and appropriately configure your Windows NTFS Permissions to allow your consignment software and other applications to run. Harden your operating system – e.g. disable hidden admin shares, configure Group Policy, etc.
That’s still not enough.
We recommend utilizing Firefox, not Chrome or Internet Explorer. Chrome relies on Internet Explorer’s settings, so if those settings are ever targeted and compromised, Chrome is also infected. For Firefox, implement the following add-ons: NoScript, AdBlock, and Public Fox. The last of those provides you with a way to password-protect your settings, block downloads, and prevent browsing history from being cleared.
Implement the built-in web filtering + monitoring service within Windows known as Parental Controls. This involves installing the Family Safety pack and registering for a Windows Live account. Once implemented, you can view all web activity, block sites, and prevent malicious content from being accessed.
That’s still not enough though.
Implement a new set of DNS servers at your Internet gateway. Comodo is a bit strict, but for a consignment store actively browsing the Internet, strict is good. OpenDNS is also great for catching malicious domains and content.
It can keep going from there too. If you have Adobe Reader, Adobe Flash, Java, etc. installed, Patch Management really is the only way to keep those programs updated 24 hours a day.
The point is, antivirus alone simply isn’t enough.
Here’s a handy checklist for consignment store owners:
- Utilize ESET Nod32 Antivirus + configure as per the PCI DSS.
- Do not log in to Windows as an Administrator.
- Further secure the operating system via Group Policy.
- Implement Microsoft’s web filtering/monitoring via Parental Controls.
- Utilize Firefox. Install NoScript, AdBlock Plus, and Public Fox. Password protect Firefox via Public Fox.
- Implement secure DNS servers, such as Comodo or OpenDNS.
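
A read-only PowerShell check for three of the checklist items (non-administrator logon, hidden admin shares, DNS resolvers), added here as an example and not taken from the original article. It assumes Windows PowerShell 5.1, the `AutoShareWks` registry value that controls workstation admin shares, and the published OpenDNS and Comodo Secure DNS resolver addresses; the function names are hypothetical.

```powershell
# Added example: read-only audit of three checklist items. It changes nothing.
# Assumption: these are the published OpenDNS and Comodo Secure DNS addresses;
# confirm them against each provider's current documentation before relying on them.
$ApprovedDns = '208.67.222.222', '208.67.220.220', '8.26.56.26', '8.20.247.20'

function Test-AdminToken {
    # BUILTIN\Administrators is SID S-1-5-32-544. whoami lists it even when UAC
    # has filtered it to "deny only", so a non-elevated admin account is still caught.
    [bool]((whoami.exe /groups) -match 'S-1-5-32-544')
}

function Test-AdminSharesDisabled {
    # AutoShareWks = 0 stops the Server service from re-creating the hidden
    # administrative shares (C$, ADMIN$) on a workstation at startup.
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
    $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).AutoShareWks
    ($null -ne $val) -and ($val -eq 0)
}

function Get-DnsResolverReport {
    # Lists each resolver this PC uses and whether it is on the approved list.
    # If DNS is set on the gateway, the PC shows the gateway's own address here;
    # that is expected, and the gateway's upstream resolvers must be checked there.
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $nic = $_
            foreach ($ip in $nic.DNSServerSearchOrder) {
                [pscustomobject]@{
                    Adapter  = $nic.Description
                    Resolver = $ip
                    Approved = $ApprovedDns -contains $ip
                }
            }
        }
}

$results = [ordered]@{
    'Logged-on user is not an Administrator' = -not (Test-AdminToken)
    'Hidden admin shares disabled'           = Test-AdminSharesDisabled
}
foreach ($item in $results.GetEnumerator()) {
    '{0,-42} {1}' -f $item.Key, $(if ($item.Value) { 'PASS' } else { 'REVIEW' })
}
Get-DnsResolverReport | Format-Table -AutoSize
```

Run it from the restricted account the store actually uses day to day; a `REVIEW` line or an unapproved resolver is a prompt to look at that setting, not proof of compromise.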