gstevederby
asked on
Firewall-Harware to Bypass-Bridge
so a client i know is adding a vending machine to their lunch room that requires connection to the network for payment options. Is there a piece of hardware that can be purchased to attach to "atm" that will bypass the firewall security of their Network. apparently it is being blocked by their firewall....any suggestions....you would think that said vending mach. vendors would have this info....thx
basically, you just want to connect this ATM directly to the internet, by bypassing the client's existing firewall?
ASKER
yes
Did you try putting it's address in the DMZ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> ...if the client's ISP could offer one more public IP address...
Good idea. Definitely the way to go, if possible.
Good idea. Definitely the way to go, if possible.
also to note that likely the PCI DSS compliance may need to be considered such as end to end encryption to ensure the confidentiality of the credit info in transit and data at rest/data in use in the vendor mach, if applicable. so besides bypassing the FW, this has to be taken into consideration. there may be a vpn tunnel end to end and terminate at the FW (assuming that is the perimeter for all payment services including that "atm")
> likely the PCI DSS compliance may need to be considered
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.
yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.
is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.
yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.
is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
indeed as bbao shared. Also if vendor machine has those credit card details of the end user stored on that machine (which i supposed not by default and not recommended) then this has to be factor to ensure confidentiality as well. This is not necessary the ATM onus since they do not own those machine and just serving as 3rd party payment services. The project team need to have oversight of the whole ecosystem in the various system and their interfaces.
Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
ASKER
all very good ideas, i will run them past the powers to be for decision...thank you all
glad to help but suggest if answers help have assisted it is good to point out so that others can benefit when they chanced on this solved question. Helped to make informed decision on the larger user base :) Nonetheless, thanks!
ASKER
The problem is as a consultant I can only recommend what the client should do , ultimately it is up to the company if they want to invest in purchase of another isp line or add hub. What I am recommending is port forwarding and bringing up the security issues involved with each choice. While I understand the need for a definitive answer for the larger audience I feel that ALL the suggestions will work...but end of the day it is up to the client if they are to spend more money to get there.
So on this question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
So on this question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
Noted and well received. if you will like to split the answer I believe the moderator can re-open for your kind allocation :)