Need Assistance?
Contact us 24/7 at 1-800-561-8880 for support.
Purpose
This guide instructs DPL customers on how to properly configure SSL/TLS on Triton ATMs using a Hercules wireless modem. This guide is based on the Triton Argo RL2413 – the required steps for your model may vary. The document will take you through:
- Configuring address-based host setup
- Enabling SSL/TLS
By the end of the document you will have a securely connected ATM that should be resilient to Man-in-the-Middle (MITM) attacks involving tampering with the Ethernet or modem.
NOTE: To download the non-DPL-specific Triton SSL/TLS configuration guide click here.
Prerequisites
To successfully complete the following steps, ensure your Hercules wireless modem and ATM have the latest firmware updates. If unsure, please contact DPL’s technical support department. Examples of the required information will be provided in the steps below.
Steps
1. ATM TCP/IP Setup
Before setting up SSL/TLS, confirm you are on a TCP/IP ATM configured for DHCP or static IP as instructed below.
NOTE: DHCP will enable dynamic allocation of the IP address from the Hercules modem that the ATM is plugged into. This is preferred as it means changes to the ATM are not required if changes are made to the settings of the Hercules modem. Static IP can be more stable for some older ATMs but requires manual ATM reconfiguration if the Hercules modem is updated to new addresses (or other network topology changes).
a) Use the ATM Operator Menu to navigate to the Communication screen, as shown below. From this screen, enable TCP/IP by pressing the 1 key and choosing TCP/IP.
ATM Operator Menu > Terminal Configuration > Communication
b) Enable either DHCP (preferred for newer installations) or a static IP (using information provided by the Hercules modem) using the 6 key on the keypad to toggle DHCP, then save using the Save and Return button on screen.
ATM Operator Menu > Diagnostics > Modem / Ethernet > Configure Ethernet Settings
c) Once your information has been entered, press Save and Return on the screen to save the changes.
NOTE: If you have switched from Static to DHCP or vice versa, you may need to reboot the ATM now or after completing the remaining steps. See how to reboot your ATM under "Testing SSL" below.
Alternative: Static IP Configuration
The Hercules can also be used with a static IP configuration. If that is required, use the information provided below and your ATM will be connected to the Hercules. Use the Enable DHCP check box to switch to static configuration and enter the following:
- IP Address: 192.168.0.55
- Subnet Mask: 255.255.255.0
- Primary WINS: Leave Blank
- Gateway: 192.168.0.1
- Primary DNS: 192.168.0.1
2. Enabling SSL/TLS Properly
In this section we will enable TLS 1.2 to secure the ATM against man-in-the-middle attacks on the Ethernet line.
a) Navigate to the Communication screen using the path listed below, then check the Enable SSL box by pressing the 0 key on the keypad.
ATM Operator Menu > Terminal Configuration > Communication
3. SSL Host Configuration
In this section we will configure the host addresses for SSL/TLS. For the Hercules the address field is tls.dplwireless.com and the port field is 8000. Triton uses a URI instead of independent fields, so combine them as tls.dplwireless.com:8000 and enter this directly into the Primary and Backup Host Addresses. DPL manages the connection from the Hercules modem through our secure network to your payment processor. Please contact our technical support department to configure the payment processor information for your Hercules modem or log in to the Hercules Portal to configure it yourself (learn how).
a) Configure the information using the data listed above. Navigate to the Communication screen and enter the host information.
ATM Operator Menu > Terminal Configuration > Communication
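A pre-flight check for the values from the static IP alternative in step 1 and the combined host entry in this step, so mistakes are caught before they are keyed into the ATM. This is an added example, not part of DPL's or Triton's documentation; the function names are hypothetical and the script is assumed to run on a technician's laptop, not on the ATM.

```python
import ipaddress

def check_static_ip(ip, mask, gateway, dns):
    """Return a list of problems with a planned static Ethernet configuration."""
    try:
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")  # also validates the mask
        gw = ipaddress.IPv4Address(gateway)
        ipaddress.IPv4Address(dns)                       # syntax check only
    except ValueError as exc:
        return [f"unparseable value: {exc}"]
    problems = []
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {net}")
    if gw not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    if gw == iface.ip:
        problems.append("ATM address is the same as the gateway address")
    return problems

def check_host_entry(entry):
    """Return a list of problems with a Primary/Backup Host Address entry."""
    problems = []
    if "://" in entry or "/" in entry or entry != entry.strip():
        problems.append("enter host:port only, with no scheme, path or spaces")
    host, sep, port = entry.strip().rpartition(":")
    if not sep or not host:
        problems.append("port is missing; expected host:port")
    elif not (port.isascii() and port.isdigit()) or not 1 <= int(port) <= 65535:
        problems.append(f"port {port!r} is not a number from 1 to 65535")
    return problems

if __name__ == "__main__":
    # Values taken from this guide; an empty list means no problems were found.
    print(check_static_ip("192.168.0.55", "255.255.255.0",
                          "192.168.0.1", "192.168.0.1"))
    print(check_host_entry("tls.dplwireless.com:8000"))
```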
4. Testing SSL
The easiest way to test your new SSL configuration is to perform a dummy transaction on your Triton Argo RL2413.
NOTE: If you encounter any issues, use the 5 key to Restart The Terminal on the System Parameters screen, as seen below, to reboot the ATM and ensure the TCP/IP information has taken effect.
ATM Operator Menu > System Parameters > Restart The Terminal
If there is a failure at this point, go back and double check all the configuration options from the previous steps.
Conclusion
After completing all the above steps your Triton ATM will be set to use SSL (TLS 1.2) on all transactions with the payment processor. This ensures that no third parties can listen on the line, get any usable data, terminate the SSL connection and proxy it out (MITM attack), or commit any other nefarious logical attack against outgoing data from your ATMs.