PCI Compliance Proxy server requirement 1.3

Posted on 2009-06-29
Last Modified: 2013-11-15
We are attempting to become PCI compliant.

I am looking for some guidance and experience for requirement 1.3.

1.3 - 'Prohibit direct public access between the internet and any system component in the card holder data environment.'

We have PCs on the CCD network that wish to access the internet.

For this indirect access, is a firewall running NAT and stateful packet filtering sufficient to meet the above requirement?

Or do we need to create a DMZ and place a proxy server in there to manage connections to the internet?

What is acceptable to a QSA?
Many thanks
Question by:dbhsupport

Author Comment

by:dbhsupport
ID: 24743166
whackamod

Sorry for that, not sure how it ended up in Documentum, my mistake.

It's more networking compliance standards, nothing to do with web development. Thanks for your help; can you tell me how to change it?

Accepted Solution

by:
coreybryant earned 1500 total points
ID: 24774899
Your first solution is good and the second solution using the proxy server would be better.
Most companies (ASV) will provide you a free report - you might consider having a licensed ASV do this to see if this is acceptable.  However, with you being Level 1, I would consider using the proxy server, along with a WebThreat service to help prevent any unauthorized access (maybe like BlueCoat).

Author Comment

by:dbhsupport
ID: 24783588
Hi Corey,

Sorry if I was misunderstood, we are level 4 not 1, self assessment with fairly limited kit at each site (AD server, some PCs and a CCD holding application on a separate server).

That is great news if the firewall alone is sufficient, we are planning on using the Sonicwall - with IPS service on. Because the upheaval of creating a DMZ and then having something to put in it?? would stretch our IT resource.

The interpretation of what is indirect access, is quite varied. I appreciate DMZ - proxy better, but looking to secure in as cost effective a manner as possible.
Have you seen an ASV approved setup with this config?

Many thanks



Assisted Solution

by:coreybryant
coreybryant earned 1500 total points
ID: 24827862
They might approve the set-up, most will give you a free report.  It matters more on what the ASV can get through (if they can get through) to your closed system.  
You might also take a look at the self-assessment questionnaire (completed annually) to help you as well.
If you are in the United States - you have a number of options available to you.  Personally, I would stay away from First Data (and its agents).  They will charge you an annual PCI compliance fee even if you use another company to help you with PCI compliancy.  They say it can be waived, but this is after they charge you and usually they only refer a portion of the fee already accessed.  

Author Closing Comment

by:dbhsupport
ID: 31597847
Not really what I was after.