What To Consider

Security Policy Options & TCP Secure Connection Settings

This page explains the Security Policy options and TCP Secure Connection Settings that work in conjunction with the SwiftPOS Connect service. These need to be considered when configuring Touch POS Terminals in Back Office and when configuring Security Policy settings for KVS, Menu Boards, Reception and Touch Terminals.

Refer to TCP Secure Connections Overview for an overview of the TCP Connection scenarios that can be configured.

 


Subjects      

     


    To Be Considered      

     


    Security Policy Options      

     


     

    The following options are available:

     


    None      

    Select to ensure the TCP connection with KVS, Menu Boards, Reception and Touch Terminals, WILL ALWAYS be unencrypted. That is, the SwiftPOS Connect service will not be required to encrypt the TCP connection. This will also be the case, even if a Security Certificate has been configured in the Touch POS Terminal settings.

     

    Notes...



    This only applies when the TCP Secure Connection Settings is set to None or Favour Secured.

     


    Minimal - (Default)      

    Select to ensure the TCP connection with KVS, Menu Boards, Reception and Touch Terminals, will be by default unencrypted. That is, the SwiftPOS Connect service will not be required to encrypt the TCP connection. However, if a Security Certificate has been configured in the Touch POS Terminal settings, and the TCP Secure Connection setting has been set to either Favour Secured or Force Secured (v10+ Only), the TCP connection will be encrypted.

     

    Notes...



    If the TCP Secure Connection Settings is set to None the TCP connection will be allowed, but will be unencrypted.

     


    Standard      

    Select to ensure the TCP connection with KVS, Menu Boards, Reception and Touch Terminals, is required to be encrypted. This will require a Security Certificate to be configured and the TCP Secure Connection setting set to either Favour Secured or Force Secured (v10+ Only). Once set the following checks will be done to ensure encryption:

     

    Notes...



    The following checks will NOT be done.


    If these are required, then select the Strict option.



     

     


    Strict      

    Select to ensure the TCP connection with KVS, Menu Boards, Reception and Touch Terminals, is required to be encrypted. This will require a Security Certificate to be configured and the TCP Secure Connection setting set to either Favour Secured or Force Secured (v10+ Only). Once set the following checks will be done to ensure encryption:

    • The Security Certificate is valid and has not expired.
    • The DNS names match. That is, the host name of the server entered into the POS application must match the certificate.
    • The Security Certificate has been signed by a trusted root certificate somewhere in the chain. This means a self-signed certificate CANNOT be used.

     


    TCP Secure Connection Settings      

     


     

    The following options are available:

     


    None      

    Select to ensure all TCP connections for KVS, Menu Boards, Reception and Touch Terminals are unsecured.

     

    Notes...



    Encryption of the sales data between Touch and the SwiftPOS Connect service will still occur.

     


    Favour Secured      

    Configured in Back Office > Touch POS Terminals.

    Select to ensure an attempt is made to enforce the encryption of the TCP connection where possible. This will be attempted when a Security Certificate has been selected and the Security Policy Option for KVS, Menu Boards, Reception and/or Touch Terminals has been set to either Minimal (default), Standard or Strict. If set to None, the TCP connection will still be allowed but it will be unencrypted.

     


    Force Secured (v10+ Only)      

    Same as the Favour Secured option above, except that if the Security Policy Option for KVS, Menu Boards, Reception and/or Touch Terminals has been set to None, the TCP connection will be rejected.

     


    Security Certificate      

    Displays the security certificate that's been selected and will be used by the SwiftPOS Connect service when binding with the Security Certificate.

     

    Notes...



    If the Security Certificate is changed or renewed, then the SwiftPOS Connect service will need to be restarted.

     


    Certificate Store      

    Select from the drop-down list one of the Local Machine Certificate Stores which contains the certificate to be selected. Once the correct store has been selected, use the […] button to the right of the drop-down to display all valid certificates within that store which can be selected for use by the Connect Service (expired certificates won’t be displayed). Common Certificate Store descriptions in SwiftPOS and what they correspond to in the Windows Certificate Manager are:

     


     

    Noteworthy 
    • CertificateAuthority - Intermediate Certification Authorities store.
    • My - Personal Certificate store.
    • Root - Trusted Root Certification Authorities store.

     


    Hardware Lock Terminals      

    Select to ensure a Hardware Lock is required to establish a connection to the Back Office. Once selected all Touch POS Terminals will require a Hardware Access Code to be entered when attempting to connect via the SwiftPOS Connect service.

     

    Notes...



    This option will only be enabled when either one of the above secured options is selected and a valid Security Certificate has been selected.
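The three Strict checks and the Local Machine Certificate Store names described above, as an added PowerShell pre-check that is not SwiftPOS code: it inspects a certificate in the chosen store before the Strict policy is selected. The thumbprint and server name are placeholders, and skipping revocation checking is an assumption made because the page does not list it among the checks.

```powershell
# Added example (not SwiftPOS code): pre-check a certificate against the Strict checks.
# Thumbprint and server name below are placeholders; replace them for your site.
param(
    [string]$StoreName  = 'My',                          # Personal Certificate store
    [string]$Thumbprint = '<CERTIFICATE-THUMBPRINT>',    # placeholder
    [string]$ServerName = 'pos-server.example.internal'  # constructed host name
)

$cert = Get-ChildItem -Path "Cert:\LocalMachine\$StoreName" |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\$StoreName" }

# Check 1: the certificate is inside its validity period.
$now    = Get-Date
$dateOk = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)

# Check 2: the host name entered into the POS application matches a DNS name
# on the certificate (exact match, or a single-label wildcard such as *.example.internal).
$nameOk = $false
foreach ($dns in $cert.DnsNameList.Unicode) {
    if ($dns -eq $ServerName) { $nameOk = $true }
    elseif ($dns.StartsWith('*.') -and $ServerName.Contains('.')) {
        $suffix = $ServerName.Substring($ServerName.IndexOf('.'))
        if ($dns.Substring(1) -eq $suffix) { $nameOk = $true }
    }
}

# Check 3: the chain ends in a trusted root and the certificate is not self-signed.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # assumption: revocation is not listed on the page
$chainOk    = $chain.Build($cert)
$selfSigned = $cert.Subject -eq $cert.Issuer

[pscustomobject]@{
    Subject        = $cert.Subject
    NotExpired     = $dateOk
    DnsNameMatches = $nameOk
    TrustedChain   = $chainOk -and -not $selfSigned
    ChainStatus    = ($chain.ChainStatus.Status -join ', ')
    ReadyForStrict = $dateOk -and $nameOk -and $chainOk -and -not $selfSigned
}
```

A `ChainStatus` of `UntrustedRoot` points at a self-signed or privately issued certificate whose root is missing from the Root (Trusted Root Certification Authorities) store on the machine running the check.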

     
