Re: Debian in small/medium business

To: debian-user@lists.debian.org
Subject: Re: Debian in small/medium business
From: David Christensen <dpchrist@holgerdanske.com>
Date: Wed, 04 Mar 2015 18:36:00 -0800
Message-id: <[🔎] 54F7C110.8000600@holgerdanske.com>
In-reply-to: <[🔎] 20150304203044.GL21314@randomstring.org>
References: <[🔎] CAHSK-XGSr4GKz8bySqaD0HigpD+eieiGSj3BLj-c2h_-k70n2g@mail.gmail.com> <[🔎] 20150304203044.GL21314@randomstring.org>

On 03/04/2015 12:30 PM, Dan Ritter wrote:

On Wed, Mar 04, 2015 at 10:51:21AM -0800, Victor Charles wrote:

I'm starting my own spares business soon and will be using a Linux
compatible Point of Sale system on about 5-6 desktop computers to begin
with.
I am impressed with SUSE Linux Enterprise  Point of Sale (SLEPOS) but I'm
sure Debian 7 or (soon) Debian 8 can perform the same functions, if not
better.
Anyone have experience with Debian in business or have any recommendations?

The best distribution for you is the one that you have the most
support for.

+1

If someone is selling you a POS system, then they should be
supplying support.

+1

If you're building a POS system, you should evaluate the
relative communities and support organizations.


-1

I'd recommend:

1. Use *only* the hardware and the GNU/Linux distribution your POSvendor recommends and supports. This includes make, model, hardwareversion, firmware version, etc..


2.  Encrypt all drives.

3.  Photography everything for insurance purposes.

4. Better yet, buy all your hardware from your POS vendor with the O/Sand all the software pre-installed and pre-configured.

5. Get a static IP Internet connection and set up a hardware firewallthat your POS vendor knows and likes (buy it from them if you can). Putyour POS machines behind it, and nothing else.

a. Configure the firewall to give your POS vendor's static IPaddress external SSH access to the firewall and internal access to thePOS machines (all via SSH keys only; block password authentication).

b. Configure the firewall to block all outgoing traffic, exceptwhat your POS vendor needs. Yes, employees will cry if they can't surffrom the POS machines; would you rather be cracked and deal withnotifying all your customers of the data breach?

4. Don't update/ upgrade the machines unless your POS vendor tells youto do so, and only with the *exact* patches they have verified. Betteryet, pay them to do it.

5. Backup, image, and archive religiously. Even if you pay your POSvendor to do this (good idea), implement a local solution anyway(coordinate with your POS vendor). Encrypt everything and keep copiesoff-site forever.


HTH,

David

Reply to:

Follow-Ups:
- Re: Debian in small/medium business
  - From: David Christensen <dpchrist@holgerdanske.com>

References:
- Debian in small/medium business
  - From: Victor Charles <vcl949om@gmail.com>
- Re: Debian in small/medium business
  - From: Dan Ritter <dsr@randomstring.org>

Prev by Date: Re: Strange entry in my routing table.
Next by Date: Re: Strange entry in my routing table.
Previous by thread: Re: Debian in small/medium business
Next by thread: Re: Debian in small/medium business
Index(es):
- Date
- Thread