A SUSEĀ® Linux Enterprise Point of Service setup includes various components that should be secured against intentional and unintentional tampering with the data and against software misbehavior. Securing your setup involves several different aspects:
First and foremost, every server component of the SUSE Linux Enterprise Point of Service setup must be secured against unauthorized access. Physically isolating the servers from other machines is just one aspect of providing physical security. For details, refer to Section 4.1, Physical Server Security.
All servers connected with each other over potentially insecure networks, take the Admin Server and the Branch Servers for example, need to be secured against unauthorized access via the networks they are connected to. For details, refer to Section 4.2, Network Security.
Both the Admin and the Branch Server contain vital data that needs to be protected to maintain a fully functional and secure setup. The most important part in this is securing the LDAP directory on the Admin Server that is used to maintain the system structure, configuration and deployment method for all Branch Servers and POS terminals, and other important data. For details on how to achieve this, refer to Section 4.3, Data Security.
Once physical, network and data security are provided, tighten the security of your setup even further by using AppArmor. AppArmor profiles are used to confine applications and keep them from performing unnecessary file or directory accesses and this helps to make sure that every profiled application just does what it was designed to and not become a security risk itself. For more details on AppArmor usage on SUSE Linux Enterprise Point of Service, refer to Section 4.4, Application Security.