Securing the Retail Store Series


Hayan J. Ortega
Solutions Specialist Professional, Retail & Hospitality Industry Solutions Group
Microsoft Corporation

May 2006

Applies to:
   Group Policy
   Active Directory

Summary: This three-part series discusses the Microsoft vision of retail store security. It provides a technical roadmap to achieve this vision, and discusses the alternative solutions where infrastructure, cost, and complexity constraints exist. (19 printed pages)


Guidance Goals
Guidance for Securing the Retail Store
Securing the Network
Securing the System
Securing the Data
Managing for Security


Securing the retail store computing environment has never been more important, or more necessary, than it is today. Store technology is shifting from closed, proprietary systems to open, flexible systems that allow greater and more meaningful interaction with the customer, headquarters, and partners, as well as better control and understanding of store operations. This shift is evidenced by the introduction of retail store technologies such as wireless networking, store Internet access, multifunction point-of-sale (POS) devices, multi-channel selling, customer kiosks, handheld devices, Voice-over-IP (VOIP), remote frequency identifiers (RFIDs), and so on. Generally speaking, these technologies require more effort around security, due to the nature of the applications they introduce and the functionality they expose. Additionally, technology is providing lower cost operational alternatives, such as store-to-corporate network connectivity, that leverage public networks that expose retailers to additional security threats, such as cyber-attacks.

More evidence of this trend can be seen in a recent flurry of headlines that describe the theft, both by employees and non-employees, of corporate and customer data from the store environment, and theft from the corporate environment by using the store as an entry point. Additionally, state legislation and industry regulations, such as Personal Data Privacy and Security Act of 2005 (Specter-Leahy), California bill 700, and the Payment Card Industry (PCI) Data Security Standard (DSS) adopted by Visa, MasterCard, and others, have been enacted to ensure that retailers and other purveyors of customer data are responsible for protecting customer data, and that they are held accountable for its theft.

This three-part series is structure to address security in four areas:

  • Securing the Network
  • Securing the Systems
  • Securing the Data
  • Managing for Security

Each area identifies the relevant technologies, and describes the advantages, requirements, and considerations of implementing each technology. When possible, generic technologies and solutions are identified, followed by a discussion of Microsoft products and how they apply. Links to more prescriptive guidance for each technology are also provided.

A comprehensive security solution involves people, process, and technology, so that technology alone is not sufficient to mitigate the security threats to which most of today's retailers are exposed. Although people and process components are not within the scope of this document, we mention these components as they become critical to the guidance.

Note   This paper is an extract of the "Securing the Retail Store" whitepaper that was originally published September 20, 2005.


The evolution of the point-of-service at the retail stores has taken us from stand-alone registers and point-of-sale systems to sophisticated POS systems that are increasingly connected and capable of delivering more value by targeting not only store operations but also the customer. Supply chain and real-time operations have turned disconnected stores into increasingly connected stores that share not only data but also voice and video.

This evolution is affecting the store and the retail IT environment as a whole. New applications and devices designed for multi-channel retailing are promising to increase operations efficiency, and to drive up revenue and customer experience. But if these trends and advances in technology are not architected with security in mind, they also make the retail environment more vulnerable to electronic threats.

As in-store systems and devices become increasingly interconnected, the need to secure the retail environment grows exponentially. Figure 1 depicts a view of what a retail store may look like today.


Figure 1. A view of a retail store

Standards bodies, regulators, and other organizations are commanding security requirements that retailers will have to enforce in order to avoid penalties, such as those imposed by credit card providers.

The following is a list of relevant security threats common to the retail industry:

  • Applications running under a shared, privileged account
  • Viruses, spyware, and other cyber attacks
  • Wireless spoofing
  • Data stolen on un-secure, un-managed mobile devices
  • Credit card theft by both hackers and employees
  • Insecure stores that provide an easy entry into the corporate network
  • Physically insecure computers and networks that are an easy target

A common misconception regarding the allocation of budget for securing the store is that it does not provide a clear return on investment (ROI) for retailers. The reality is that security enables a company to meets its business objective by providing a safe and secure environment that helps avoid the following:

  • Loss of revenue
  • Loss or compromise of data
  • Interruption of business process
  • Legal consequences
  • Damage to customer and partner confidence
  • Damage to reputation

A more secure retail store also enables easier and safer connectivity with customers and business partners.

Because many retailers have heterogeneous and legacy devices that are not easily replaced, this document first outlines the general approach involved in securing the store. It then identifies alternative methods based on cost, complexity, or other business decisions. Finally, it outlines how Microsoft addresses these through its products.

While this series provides specific and prescriptive guidance for some of its security recommendations, retailers should treat these recommendations as they would any project they choose to undertake. Proper understanding of the technologies and concepts, analysis of the value gained and relevance to the retailer's environment, and thorough planning, developing, and testing are all necessary prior to implementing any recommendations in this guide.

Guidance Goals

Information security is all about mitigating risks. Essential to this tenet is protecting data, and specifically, protecting how data is stored, moved, and consumed. People, process, and technology are the three pillars of information security, and any two alone do not sufficiently ensure data protection. Information security threats come in many forms, and data can be compromised by a failure in any one of these three pillars. In terms of information security, the technology piece is the hardware, software, and operational knowledge used to protect data. This includes computers, operating systems, applications, routers, switches, hubs, firewalls, and so on. This guide describes the Microsoft vision of a secure retail store environment based on the security technologies and methodologies available today.

Every part in this series will introduce one or two solutions under the areas highlighted in Figure 2.


Figure 2. Security areas

Each solution is not enough by itself. They help build layers that help you manage and mitigate security risks. Each solution will include an effort/impact relationship indicator that is relative to the other solutions covered in this guide.

Guidance for Securing the Retail Store

Securing the Network

Because the network is the primary means by which information is distributed and shared, it is often a target for security breaches such as spoofing, man-in-the-middle, and denial of service. The network is also the main vehicle for the transmission of malicious software (malware), such as Trojans and worms, between hosts. Additionally, the introduction of wireless networking into the retail environment has decreased the security of the network, and increased the complexity required in order to secure it. This section examines an approach to securing the transmission of data across the network. Our approach is to begin with a simple store network, as shown in Figure 3, and to layer technologies upon this architecture in order to provide a roadmap to a more secure store network.


Figure 3. Unsegmented network

Segmenting the Store NetworkAa479366.secrtlstrprt106(en-us,MSDN.10).gifAa479366.secrtlstrprt107(en-us,MSDN.10).gif

Effort/ImpactThe planning is relatively easy, but the implementation requires "store touch" and potential acquisition of new equipment that supports virtual local area networks (VLANs).


In today's challenging business environment, a multilayered approach to securing sensitive information is highly recommended. Network segmentation has been used for many years by organizations as a primary defense mechanism against unauthorized access to a company's network.

Network segmentation should be extended to also provide protection for sensitive transactions, such as credit card transactions, as outlined in the Payment Card Industry (PCI) Data Security Standard (DSS).

Network segmentation is the physical isolation of network traffic that flows between communicating systems. It is performed by a network device such as switch or router. As a result of network segmentation, the physical network is divided into distinct parts (segments), such as subnets (performed by a router) or VLANs (performed by a switch). Even today, retail stores commonly deploy a flat (single subnet or VLAN) network with every system, including LOB servers, POS devices, and even wireless devices directly attaching to it. This section outlines the preferred approach for network segmentation, and it provides general guidelines that organizations can follow in order to deploy a segmented network architecture.


Advantages of network segmentation include the following:

  • Increased network performance by separating traffic with different bandwidth
  • Effective bandwidth utilization
  • Physical separation of network traffic with different security requirements
  • Significantly optimized deployment of intrusion detection and intrusion prevention systems


Figure 4 shows an example of a store network that is segmented by using a VLAN.


Figure 4. Segmented network

In Figure 4, the store network is represented as a collection of four subnets that have different security and management requirements:

  • VLAN 1—Line of business and management
  • VLAN 2—POS Subnet
  • VLAN 3—Wireless subnet
  • VLAN 4—Kiosk and public devices subnet

Securing the System

Systems are where data is processed and stored. These include POS devices, workstations, servers, kiosks, and so on. This section identifies technologies that serve to inhibit unauthorized access to host systems and the data they contain. Security at the system level tends to focus around two topics: authentication and authorization. Authentication is the process of validating identity. This can be the identity of a user, a resource, or another computer. The following examples will help explain why authenticating these identities is important from a security standpoint:

  • Authenticating a user—Verifying that a user is who he or she claims to be reduces the threat of unknown individuals having access to your host systems. This validation can happen by using a username and password, or by using biometric validation such as fingerprint reading and iris scanning.
  • Authenticating a resource—By forcing a computer to accept only digitally-signed drivers, the computer authenticates their source and reduces the likelihood of introducing belligerent code by means of the driver.
  • Authenticating a computer—Validating a computer over the network, by using Kerberos authentication or IPSec, verifies the identity of the computer and the host with which it is communicating. This eliminates the introduction of specific security vulnerabilities, such as man-in-the-middle attacks or network spoofing.

Authorization is the process by which authenticated entities are granted access to data or computing resources. The following examples will help explain why authorizing entities is important from a security standpoint:

  • Authorizing a user—Many security breaches are caused by authenticated users, meaning those who have rights to use the system, but who access data or systems that they should not have permission to access. By not authorizing what data users can access, or which applications users can invoke, host systems are open to these vulnerabilities.
  • Authorizing a computer—While the identity of another computer with which a host system communicates might be known, this does not protect the host computer from becoming infected by the connected computer with a worm or virus. System-to-system communication is typically authorized by using firewall and IPSec technologies.

This section investigates technologies that serve to secure the host systems. Once again, we will layer technologies in order to provide a roadmap for a more secure host system.

Centralizing Client Policy ManagementAa479366.secrtlstrprt106(en-us,MSDN.10).gifAa479366.secrtlstrprt108(en-us,MSDN.10).gif

Effort/ImpactDespite being relatively easy to implement, a good design of centralized client policy management requires time and extensive testing. The payback of being able to centrally manage the environment is well worth the effort.


IT organizations develop system policies that provide configuration policy enforcement, in order to ensure environmental consistency and adherence. In the past, these policies existed as documented governance that required adoption from various groups, and that required performing independent audits in order to gauge compliance. Developing system policy historically included the use of access control lists (ACLs), and custom configuration of files or registry keys. When deploying systems in a highly disturbed environment, it is necessary to leverage technology-based policy distribution and enforcement in order to provide a cost-efficient solution.


Centralized policy management ensures a consistent computing environment across an IT infrastructure, and it provides a base layer of configurable security settings. Centralizing the policy management of clients and servers reduces the labor-intensive task of manually configuring each client computer, while also providing a mechanism to quickly and efficiently update client computers as new configurations are warranted.


Decentralized policy management is an option when there is no clear mechanism or infrastructure for a centralized policy management system. This typically would involve copying system policy settings from one computer to another, or developing custom scripts to update clients. Neither of these solutions is optimal, as both are labor-intensive and management-intensive.


The Microsoft implementation of a centralized client policy management system is Group Policy. Group Policy provides efficient and consistent management of a large number of computer and user accounts in a one-to-many model; this means that one change within Group Policy affects many users. Group Policy is implemented through a series of Group Policy objects (GPOs), which are a grouping of system settings that can be applied to a site, a domain, or an organizational unit (OU) in Active Directory.

Through the Active Directory infrastructure and Group Policy, administrators can take advantage of policy-based management to do the following:

  1. Enable one-to-many management of users and computers throughout the enterprise
  2. Automate enforcement of IT policies
  3. Simplify administrative tasks such as system updates and application installations
  4. Consistently implement security settings across the enterprise
  5. Efficiently implement standard computing environments for groups of users

Group Policy can be used to define user-related policies, as well as security, networking, and other policies applied at the machine level. In addition, Group Policy enables management of domain controllers and member servers, in addition to desktop computers.

Securing the system requires the development of policies that address users and client\server systems according to their role and function. The areas of focus should include the following:

  • Security settings—Settings are used to define values for various security-relevant operating system parameters, such as password policy, user rights assignment, audit policy, registry values, file and registry ACLs, and service startup modes.
  • IPSec policies—These settings are used to configure IPSec services for authenticating or encrypting network traffic. An IPSec policy consists of a set of security rules, and each security rule consists of an IP filter with an action.
  • Software restriction policies—These settings are used to identify and specify which applications are permitted to run, in order to help protect computers from code that is not trusted.
  • Wireless network policies—These settings are leveraged to configure settings for the participation in wireless networks.
  • Wireless Configuration Service—This is a user-mode service that operates on each of the IEEE 802.11 wireless network adapters installed on a computer.
  • Public key policies—These Group Policy settings are used to:
    • Specify that computers automatically submit a certificate request to an enterprise certification authority and install the issued certificate.
    • Create and distribute a certificate trust list.
    • Establish common trusted root certification authorities.
    • Add encrypted data recovery agents and change the encrypted data recovery policy settings.
  • Internet Explorer management—Internet Explorer Maintenance is used to manage and customize Internet Explorer on computers running Windows 2000 or later. You can set options for the browser UI, connections, URLs, proxy settings, security zones, Favorites, and Internet Explorer Enhanced Security Configuration component (also known as Microsoft Internet Explorer hardening).

Securing the Data

Data security is the science of protecting data from unauthorized disclosure and modification.

Data Security = Confidentiality + Integrity

Data security is distinct from systems and network security, and it assumes that these are already secure.

In the past, data security meant access control in databases. Today's research in data security is aimed at data exchange. It tries to address the following:

  • Confidentiality—The data reaches only authorized users.
  • Integrity—The data is dispersed as intended by its owner.

In a retail environment, the data is the most precious asset. If the data is not protected—especially personally-identifiable data (such as credit card numbers)—it can severely damage the organization and its partners.

In today's environment, data security is characterized by the following:

  • Data security policies are scattered throughout applications.
  • Database are no longer the center of the security universe.
  • There are no automatic means to translate complex policies into physical implementations.

Data security is an enabling technology. Customers and retail organizations are willing to communicate, interact, and collaborate only if they are comfortable releasing their data, or if they are certain of its authenticity.

The most-used traditional data security technique has been to provide database management system (DBMS) security by means of access control and views, but this technique protects the data only to a certain extent.

Current data security techniques include the following:

  • Data encryption
  • Data integrity
  • Fine-grained security
  • Information sharing across private databases
Minimizing Data StorageAa479366.secrtlstrprt106(en-us,MSDN.10).gifAa479366.secrtlstrprt108(en-us,MSDN.10).gif

Effort/ImpactRemoving unnecessary storage of data typically requires low effort, but depending on ownership of the application, data dependencies, and other constraints, the level of effort may increase. Not storing certain personal data could be the difference between passing and failing industry and government certifications.


Despite the availability of technologies and procedures that help secure data, the best practice is still to not store the data at all. Personally-identifiable data, such as payment card sensitive authentication data and the full tracks of the magnetic stripes, do not need to be stored. It is not an operational requirement, and furthermore, it is penalized by industry policies and regulations.


There is no need to protect data that is not there. Even when encrypted, stored data is susceptible to potential attacks.


As an alternative to not storing the data, consider purging the data. As data is purged more frequently, risk is reduced. Understand the data purging requirements and make sure to comply with industry and government requirements.

Make sure to comply with industry regulations about masking or partially hiding personal identification data, such as credit card numbers, when displaying on-screen, or when printing on a receipt or report.

Customers must have a well-developed consumer privacy policy that governs the use and management of private data. Any external or internal solutions should be evaluated against these standards.


Scripting and scheduled tasks can aid in the purging of data.

Managing for Security

Like many organizations, retailers understand the value in creating business processes, and in following through on them to execution for numerous benefits. Yet, although business processes themselves offer great value and opportunity for cost savings, these processes are not self-sustaining. They require management, modification, and, sometimes, removal as new and existing threats are evaluated and addressed.

Security-conscious organizations, specifically retailers, should follow the same mantra with their information security. Once a secure infrastructure is established in a retail organization, efforts should be focused on managing and sustaining the security investment.

By focusing on managing the existent security investment, retailers can be less reactive and more proactive, as shown in Table 1.

Table 1. Reactive efforts vs. proactive efforts

Examples of Reactive EffortsExamples of Proactive Efforts
Replacing failed hardware componentsTaking snapshots of hardware issues prior to their failure, so that they can be addressed conveniently
Reacting to security breaches for remediationDetecting security vulnerabilities early, and remediating prior to exploitation
Troubleshooting and correcting failed servers that cause work outagesDiscovering and diagnosing problematic servers, and remediating prior to failure
Manually disabling network access for employees who have left the companyAutomating processes to disable accounts after termination

The management technologies that retailers should investigate for implementation in their environments are as follows:

  • Centralized directory for authentication and authorization
  • Automated operating system deployment
  • Patch management
  • Auditing and reporting
  • Inventory and asset management
  • System monitoring

The synergy of these approaches allows retailers to fully realize their investments in technology, and to maintain and ultimately provide a more secure environment.

Leveraging a Centralized Authentication and Authorization DirectoryAa479366.secrtlstrprt106(en-us,MSDN.10).gifAa479366.secrtlstrprt108(en-us,MSDN.10).gif

Effort/ImpactThe good design of a centralized directory of authorization and authentication requires time, extensive testing, and additional management overhead. The payback of being able to centrally manage the environment is well worth the effort.


In distributed computing environments, networked computers and other devices communicate over remote connections in order to accomplish tasks through client/server applications. The systems leverage identity methods in order to authenticate and authorize access to applications or services on the network. Organizations operating a distributed environment, such as the retail store locations, require a solution to administer access to network resources and services, and to manage systems. As the organization grows, the need for a secure and centralized management system becomes more critical.

A directory service provides a centralized location to store information in a distributed environment about networked devices, applications, and services, as well as the people who use them. A directory service also implements the services that make this information available to users, computers, and applications. It is both a database storage system (directory store) and a set of services that provide the means to securely add, modify, delete, and locate data in the directory store.


In order to successfully implement directory services within an enterprise, and to be able to take full advantage of them, organizations should have a number of items in place:

  • Solid and well planned directory services strategy—From a security prospective, directory services are an integral part of the overall security infrastructure that allows for the centralized storage of all security credentials. When designing directory services, organizations should have a clear understanding of all the goals and objectives they are trying to achieve.
  • Formal directory services design—All the decisions regarding the directory services implementation should be formalized in a comprehensive design document, and they should be determined based on requirements and design goals. This document is used to successfully build the directory, and to provide integration between directory services and the applications and services that take advantage of it.
  • Correct choice of the technology—Organizations should select a product or technology that allows them to achieve their objectives with minimal cost.
  • Directory-capable operating system—Computer systems should be capable of participating in the directory to the extent of compliance to an organization's requirements or corporate standards.


  • A central location for network administration and delegation of administrative authority provides a representation of all network users, devices, and resources, as well as the ability to group objects for ease of management and application of security policy.
  • Information security and single sign-on for user access to network resources that leverage the directory. Tight integration with security eliminates costly tracking of accounts for authentication and authorization between systems. A single username and password combination can identify each network user, and the user retains this identity throughout the network.
  • Directory data that applications can leverage. This provides a central location to store user and group data that is leveraged by applications (such as job code, employee ID, and e-mail address).


Centralized authentication and authorization directories provide for a more secure environment, but several aspects of the solution need to be investigated. The successful implementation of a centralized directory solution relies on several overall architecture design decisions that require the following areas to be addressed:

  • User and system authentication and authorization—Directory services should be capable of providing reliable authentication for user accounts. From the security perspective, only authenticated users should be allowed to access resources provided by the directory. The level of access should be controlled by the directory authorization process. For added security, the directory should support not only users, but also computer systems, as security principals. This feature makes deployment of certain security technologies, such as IPSec, significantly easier.
  • Network infrastructure—As a distributed environment, directory services often require replication or partitioning of the directory. As a result, systems that hold directory information need to communicate with each other on a regular basis. The network traffic associated with these communications must be taken into consideration when designing both the directory service and the underlying network infrastructure.
  • Scalability—Directory services should be capable of accommodating numerous objects as security principals. The infrastructure should be capable of growing as the organization grows, without sacrificing performance.
  • Extensibility—Directory services should be capable of adding new services and objects as the requirements change, and as new functionality is required.
  • Fault tolerance—In a distributed environment, there are situations when certain systems are not available at a particular moment. A reliable directory service infrastructure should be capable of accommodating such outages, by providing alternative paths or redundant services.
  • Standards compliance—Lightweight Directory Access Protocol (LDAP) is the best-established standard for modern directory services. LDAP compliance ensures application and service compatibility across multiple directories.
  • Cost—As with every technology, the total cost of the solution should be carefully evaluated.


Active Directory, which is an essential component of the Windows Server 2003 architecture, presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users, while also acting as the central authority for network security. In addition to providing comprehensive directory services to a Windows environment, Active Directory is designed to be a consolidation point for isolating, migrating, centrally managing, and reducing the number of directories that companies require. Active Directory provides the following technology advantages:

  • A central location for network administration and delegation of administrative authority. Active Directory stores objects that represent all network users, devices, and resources, and it provides the ability to group objects for ease of management and application of security and Group Policy.
  • Information security and single sign-on for user access to network resources that participate in the directory. Tight integration with security eliminates costly tracking of accounts for authentication and authorization between systems. A single username and password combination can identify each network user, and the user retains this identity throughout the network, which reduces management overhead.
  • Scalability. Active Directory includes one or more domains, each with one or more domain controllers, enabling you to scale the directory to meet any network requirements. Active Directory is a multi-master directory, and it is therefore fully redundant. By design, it is very flexible, and will accommodate both simple and complex network requirements.
  • Flexible and global searching. Users and administrators can use desktop tools to search Active Directory. By default, searches are directed to the global catalog, which provides forest-wide search capabilities.
  • Systematic synchronization of directory updates. Updates are distributed throughout the network through secure and cost-efficient replication between domain controllers.
  • Single, modifiable, and extensible schema. The schema is a set of objects and rules that provide the structure requirements for Active Directory objects. You can modify the schema to implement new types of objects or object properties.
  • Integration of object names with Domain Name System (DNS), the Internet-standard computer location system. Active Directory uses DNS to implement an IP-based naming system, so that Active Directory services and domain controllers can be located over standard IP networks, both on intranets and the Internet.
  • Lightweight Directory Access Protocol (LDAP) support. LDAP is the industry-standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory natively supports LDAPv3 and LDAPv2.

Retail organizations can especially benefit from the following security features of Active Directory:

  • IPSec implementation—IPSec is a very important part of the store security environment. IPSec-enabled communications require authentication of both peers. Kerberos authentication, used by Active Directory, can be used to authenticate systems when establishing IPSec-secured communication. This feature eliminates the need to deploy a certificate services infrastructure, which saves significant resources and reduces complexity.
  • Group Policy—Group Policy is the most important feature of Active Directory. It enforces a common security policy across all participating systems. With the help of Group Policy, organizations can define and enforce specific policy requirements, such as user account policies. They can also significantly reduce the attack surface of the computer systems, such as POS terminals, by explicitly defining the allowed services and applications. Group Policy can be also used as a mechanism for deployment of IPSec policies. Because Group Policy objects can be assigned to Active Directory sites, different flexible policies can be assigned to different store networks if they are defined as separate Active Directory sites.


This guidance enables customers to implement security solutions in a layered approach, in order to get to a more secure state while addressing new policies and standards that exist in today's retail industry.

A layered approach increases an attacker's risk of detection, and reduces the attacker's chances of success. Figure 5 illustrates the layers involved in getting to a more secured state.


Figure 5. Layered approach

The goal of this whitepaper is to serve as guidance for securing the retail store by utilizing Microsoft solutions. To that end, this whitepaper offers guidelines that provide organizations with access to the knowledge and resources needed in order to better secure the retail environment.

Customers and partners benefit from this paper in the following ways:

  • Security—By addressing security as outlined in "Securing the Retail Store," especially around network architecture, the retail store attack surface area can be minimized, resulting in a more secured environment.
  • Risk mitigation—By taking into consideration industry regulations, and by utilizing a layered approach, the security risk is significantly reduced, and the impact of breaches and attacks can be better contained.
  • Management—By effectively managing the secured target environment, the retailer can shift from being reactive to proactive, and can effectively reduce the cost of sustaining operations.
  • Flexible guidance—The security layered approach of this guidance is flexible enough to allow for incremental gains in security, and it takes advantage of solutions that provide a higher security return on investment.
  • Time and cost savings—This guidance was used to help meet the retailer's requirements of a better secured and centrally manageable retail store enterprise environment. It saves time by providing guidance for how to increase security and manageability by utilizing the different Microsoft technologies together in an enterprise-class architecture. Background information describes the reasoning, advantages, and considerations behind the approach chosen.

Table 2 highlights the major sections of the series and the relative effort/impact of each section.

Table 2. Effort/impact of each section of this series

Segmenting the Store Network
Applying ACL Rules
Leveraging IPSec
Securing Wireless Networks
Planning for Network Access Protection
Centralizing Client Policy Management
Leveraging a Certification Authority
Disabling Unnecessary Services and Managing Services Parameters…
Using a Host Based Firewall
Using Data Encryption
Minimizing Data Storage
Leveraging a Centralized Authentication and Authorization Directory
Automating Operating System Deployment
Managing Security Updates and Software Deployment
Auditing and Reporting
Managing Inventory and Assets
Monitoring Systems

Table 3 lists the sections that will be covered in the next part in this series.

Table 3. Sections covered in Part 2 of this series

Applying ACL Rules
Leveraging IPSec
Leveraging a Certification Authority
Using a Host Based Firewall
Using Data Encryption
Automating Operating System Deployment
Managing Security Updates and Software Deployment


The team that produced Microsoft "Securing the Retail Store" whitepaper came mainly from the Retail & Hospitality Industry Group, but other areas within Microsoft were also leveraged for completeness. The following people made a substantial contribution to the development, writing, and testing of this content.

Program Management

Chris Jewell, Hayan Ortega


Boris Nisenbaum, Chong Lee, Brian Seymour

Subject Matter Expertise (Microsoft)

Hayan Ortega, Chris Jewell, Christopher McLendon, Frank May, Bart Robertson, Clay Morrisette

Lab Team

Erik Kamont, Marcus Barton


Securing the Retail Store

This whitepaper presents the Microsoft vision of retail store security. It provides a technical roadmap to achieving the Microsoft vision, and it discusses alternative solutions when infrastructure, cost, and complexity constraints exist.

This paper provides information about how to improve the security of a retail store, while also considering state legislation and industry regulations.

Windows Server System Reference Architecture (WSSRA)

This describes a standardized infrastructure architecture for large organizations. Its guidelines and blueprints provide organizations with access to the knowledge and resources needed in order to design and implement unique solutions with more speed, and less risk and cost.

Cardholder Information Security Program (CISP)

Mandated since June 2001, this program is intended to protect Visa cardholder data—wherever it resides—thus ensuring that members, merchants, and service providers maintain the highest information security standard.