Solved

Firewall-Harware to Bypass-Bridge

Posted on 2014-03-01
12
331 Views
Last Modified: 2014-03-04
so a client i know is adding a vending machine to their lunch room that requires connection to the network for payment options. Is there a piece of hardware that can be purchased to attach to "atm" that will bypass the firewall security of their Network. apparently it is being blocked by their firewall....any suggestions....you would think that said vending mach. vendors would have this info....thx
0
Comment
Question by:gstevederby
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 39898673
basically, you just want to connect this ATM directly to the internet, by bypassing the client's existing firewall?
0
 

Author Comment

by:gstevederby
ID: 39898788
yes
0
 
LVL 32

Expert Comment

by:_
ID: 39898835
Did you try putting it's address in the DMZ?
0
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 39899279
if the client's firewall does provide a DMZ zone, Coral47's suggestion is the way to go.

if not, enable port forwarding on the firewall to allow required ports to be remapped to the ATM on an internal IP.

actually, if the client's ISP could offer one more public IP address, the most simple way is to put small switch before the firewall and connect the ATM to the switch to make sure the ATM is physically sepaeated from the client's network.
0
 
LVL 32

Expert Comment

by:_
ID: 39899306
>> ...if the client's ISP could offer one more public IP address...

Good idea. Definitely the way to go, if possible.
0
 
LVL 61

Expert Comment

by:btan
ID: 39899568
also to note that likely the PCI DSS compliance may need to be considered such as end to end encryption to ensure the confidentiality of the credit info in transit and data at rest/data in use in the vendor mach, if applicable. so besides bypassing the FW, this has to be taken into consideration. there may be a vpn tunnel end to end and terminate at the FW (assuming that is the perimeter for all payment services including that "atm")
0
6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 39899591
> likely the PCI DSS compliance may need to be considered
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.

yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.

is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
0
 
LVL 61

Expert Comment

by:btan
ID: 39900385
indeed as bbao shared. Also if vendor machine has those credit card details of the end user stored on that machine  (which i supposed not by default and not recommended) then this has to be factor to ensure confidentiality as well. This is not necessary the ATM onus since they do not own those machine and just serving as 3rd party payment services. The project team need to have oversight of the whole ecosystem in the various system and their interfaces.

Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
0
 

Author Closing Comment

by:gstevederby
ID: 39902476
all very good ideas, i will run them past the powers to be for decision...thank you all
0
 
LVL 61

Expert Comment

by:btan
ID: 39903058
glad to help but suggest if answers help have assisted it is good to point out so that others can benefit when they chanced on this solved question. Helped to make informed decision on the larger user base :) Nonetheless, thanks!
0
 

Author Comment

by:gstevederby
ID: 39904178
The problem is as a consultant I can only recommend what the client should do , ultimately it is up to the company if they want to invest in purchase of another isp line or add hub. What I am recommending is port forwarding and bringing up the security issues involved with each choice. While I understand the need for a definitive answer for the larger audience I feel that ALL the suggestions will work...but end of the day it is up to the client if they are to spend more money to get there.
 So on this  question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
0
 
LVL 61

Expert Comment

by:btan
ID: 39905158
Noted and well received. if you will like to split the answer I believe the moderator can re-open for your kind allocation :)
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article is a how to to configure a UCS Ethernet-uplink portchannel via the console. It is easy to do and can be done quite quickly. In certain versions of the UCS manager the portchannel has issues coming up and this is a workaround. I am…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now