VendNovation Networking Overview

Abstract
This paper describes how VendNovation solutions use the Ethernet network, and is meant to answer the questions network administrators typically have about security.

Overview of VendNovation Solutions
VendNovation solutions enable vending machines to connect to VendNovation’s back end processing system for the purposes of credit card processing, user account authentication, or simply reporting sales. Using this information, the vending operator can accurately determine the status of the machine and provide high levels of service to the end user.
Connectivity
VendNovation solutions encrypt data using a combination of RSA-2048 and AES-128, and transmit that data over HTTP (TCP 80). Included in the payload is a digital signature (using RSA-2048) to prove that the client is a VendNovation device. All data sent to or from a VendNovation device is encrypted in this manner.
AES keys are randomly generated and exchanged every time the VendNovation device contacts the server.

A typical transaction with the server will send a total of about 2 kilobytes of data. When downloading an update from the server, the data size can hit about 50 kilobytes. VendNovation solutions check for updates once a day, sometime between 3am and 4am, in order to minimize the impact of the increased network usage.

VendNovation solutions will only establish connections with VendNovation’s back end server (www.vendnovation.com), whose IP address is 50.112.128.240 (hosted in the Amazon cloud). Network administrators are free to restrict the device’s communications to this address. If, for some unforeseen reason, the IP address of VendNovation’s server needs to be changed, all of VendNovation’s clients will be notified in advance, so that firewall rules can be updated.
VendNovation devices cannot be configured to use an explicit proxy. If a proxy is required, it must be a transparent (intercepting) proxy.
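One way a network team can check exported flow records against the egress profile described above (single destination 50.112.128.240 on TCP 80, ~2 KB transactions, ~50 KB updates between 3am and 4am). This is an added example, not VendNovation code; the flow records and the 2x size headroom are constructed assumptions.

```python
import ipaddress
from datetime import datetime

# Egress policy as stated in the whitepaper: the device talks only to
# www.vendnovation.com (50.112.128.240) over TCP 80.
ALLOWED_DST = ipaddress.ip_address("50.112.128.240")
ALLOWED_PORT, ALLOWED_PROTO = 80, "tcp"

# Volume and timing from the whitepaper: ~2 KB per transaction, ~50 KB per
# update, updates fetched once a day between 03:00 and 04:00.
TRANSACTION_BYTES, UPDATE_BYTES = 2 * 1024, 50 * 1024
UPDATE_WINDOW = range(3, 4)     # hours in which an update-sized flow is expected
SLACK = 2.0                     # assumed headroom before a flow is called oversized

# Constructed flow records (not real traffic): time src dst proto dport bytes
SAMPLE_FLOWS = """\
2024-05-01T12:15:02 10.20.30.41 50.112.128.240 tcp 80 2048
2024-05-01T03:21:10 10.20.30.41 50.112.128.240 tcp 80 51200
2024-05-01T14:02:33 10.20.30.41 50.112.128.240 tcp 80 51200
2024-05-01T14:05:00 10.20.30.41 50.112.128.240 tcp 443 900
2024-05-01T14:06:00 10.20.30.41 203.0.113.9 tcp 80 1500
""".splitlines()

def parse_flow(line):
    ts, src, dst, proto, dport, nbytes = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src,
            "dst": ipaddress.ip_address(dst), "proto": proto.lower(),
            "dport": int(dport), "bytes": int(nbytes)}

def check_flow(rec):
    """Return the policy findings for one flow (empty list means compliant)."""
    findings = []
    if (rec["dst"], rec["proto"], rec["dport"]) != (ALLOWED_DST, ALLOWED_PROTO, ALLOWED_PORT):
        findings.append("destination outside documented egress policy")
    if rec["bytes"] > UPDATE_BYTES * SLACK:
        findings.append("volume exceeds expected update size")
    elif rec["bytes"] > TRANSACTION_BYTES * SLACK and rec["ts"].hour not in UPDATE_WINDOW:
        findings.append("update-sized transfer outside the 03:00-04:00 window")
    return findings

def audit(lines):
    """Map each non-compliant flow line to its findings; compliant flows are omitted."""
    return {line: f for line in lines if (f := check_flow(parse_flow(line)))}

if __name__ == "__main__":
    for line, findings in audit(SAMPLE_FLOWS).items():
        print(line, "->", "; ".join(findings))
```

The first two sample flows (a daytime transaction and an in-window update) pass; the remaining three are flagged.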

Every VendNovation device has a unique MAC address, purchased from IEEE. The MAC can be found on a sticker on the back of the control board, or in the service menu.

Cloud
VendNovation’s back end servers are hosted in Amazon’s secure, PCI compliant datacenters. The servers are only accessible to authorized VendNovation staff, and are engineered to provide maximum uptime while providing data redundancy in the case of any hardware failure.

For an overview of Amazon’s cloud system security, visit:
http://aws.amazon.com/ec2/#highlights

For detailed information about Amazon’s cloud hosting security, you can view the whitepaper here:
http://d36cz9buwru1tt.cloudfront.net/pdf/AWS_Security_Whitepaper.pdf