FUJ00087151
To:
From:
Sent: Thur 6/25/2015 1:
Subject: FW: 3 scenario demo
; Bell Gavin;
DMINGROUP1/CN=RECIPIENTS/C! LAGG-NEWSOMEP]
Information below as discussed.
Pete
Pete Newsome
Business Change Manager
Post Office Account, Fujitsu UK&I
Web: http://uk.fujitsu.com
Fujitsu is proud to partner with Shelter, the housing and homelessness charity
E-Mail: pete.newsome@t.
Please consider the environment - do you really need to print this email?
From: Parker Steve
Sent: 25 June 2015 12:05
To: Haywood Dave; Newsome Pete
Subject: RE: 3 scenario demo
Minor changes inline
From: Haywood Dave
Sent: 25 June 2015 11:32
To: Newsome Pete; Parker Steve
Subject: 3 scenario demo
Pete / Steve,
My notes from the meeting. Let me know if you require anything else.
1) Original Horizon system - can’t demo as doesn’t exist
System was largely batch / able to operate offline with transactions stored at the counter
Hard drive was encrypted to secure local transaction data (Riposte distributed database)
No remote access to ISDN lines because of service provider closed user group. Even if it was possible to dial a branch ISDN line, the ISDN card in branch counter 1 does not answer and drops the call. Counter 1 then calls back to known data centre number(s).
2) HNG-X system
Robustness of audit trail
Hard drive is not encrypted as no local transaction data
Remote access
Must be a Fujitsu employee
Security / financially vetted
ikey token (2 factor authentication)
Live environment AD username and password
Access to a Fujitsu network (for Live support Terminal Server access)
Terminal server logins are audited
Access from terminal server to counter is not audited
Remote access branch counter key required
Knowledge of counter names / IP addresses
Command line access only (no remote desktop)
No known way to alter / inject transactions into the counter (no transaction data stored locally)
3) Local branch access
LAN access via hub is possible
Attacker needs to dete… and use correct IP address
Encrypted Virtual Private Network (VPN) terminates on all counters
No access to key material
No access to data centre beyond boundary VPN servers
No access to post master / clerk username / password
4) Remote counter access
RDP (terminal services) is disabled on the counter
5) Witness statements from Gareth Jenkins - already in the public domain / Second Sight
Regards,
Dave Haywood
Security Architect
Network & Telecoms
Fujitsu
Central Park, Northampton Road, Manchester. M40 5BP.