Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 355
  • Last Modified:

Firewall-Harware to Bypass-Bridge

so a client i know is adding a vending machine to their lunch room that requires connection to the network for payment options. Is there a piece of hardware that can be purchased to attach to "atm" that will bypass the firewall security of their Network. apparently it is being blocked by their firewall....any suggestions....you would think that said vending mach. vendors would have this info....thx
0
gstevederby
Asked:
gstevederby
  • 4
  • 3
  • 3
  • +1
1 Solution
 
bbaoIT ConsultantCommented:
basically, you just want to connect this ATM directly to the internet, by bypassing the client's existing firewall?
0
 
gstevederbyAuthor Commented:
yes
0
 
_Commented:
Did you try putting it's address in the DMZ?
0
Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

 
bbaoIT ConsultantCommented:
if the client's firewall does provide a DMZ zone, Coral47's suggestion is the way to go.

if not, enable port forwarding on the firewall to allow required ports to be remapped to the ATM on an internal IP.

actually, if the client's ISP could offer one more public IP address, the most simple way is to put small switch before the firewall and connect the ATM to the switch to make sure the ATM is physically sepaeated from the client's network.
0
 
_Commented:
>> ...if the client's ISP could offer one more public IP address...

Good idea. Definitely the way to go, if possible.
0
 
btanExec ConsultantCommented:
also to note that likely the PCI DSS compliance may need to be considered such as end to end encryption to ensure the confidentiality of the credit info in transit and data at rest/data in use in the vendor mach, if applicable. so besides bypassing the FW, this has to be taken into consideration. there may be a vpn tunnel end to end and terminate at the FW (assuming that is the perimeter for all payment services including that "atm")
0
 
bbaoIT ConsultantCommented:
> likely the PCI DSS compliance may need to be considered
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.

yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.

is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
0
 
btanExec ConsultantCommented:
indeed as bbao shared. Also if vendor machine has those credit card details of the end user stored on that machine  (which i supposed not by default and not recommended) then this has to be factor to ensure confidentiality as well. This is not necessary the ATM onus since they do not own those machine and just serving as 3rd party payment services. The project team need to have oversight of the whole ecosystem in the various system and their interfaces.

Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
0
 
gstevederbyAuthor Commented:
all very good ideas, i will run them past the powers to be for decision...thank you all
0
 
btanExec ConsultantCommented:
glad to help but suggest if answers help have assisted it is good to point out so that others can benefit when they chanced on this solved question. Helped to make informed decision on the larger user base :) Nonetheless, thanks!
0
 
gstevederbyAuthor Commented:
The problem is as a consultant I can only recommend what the client should do , ultimately it is up to the company if they want to invest in purchase of another isp line or add hub. What I am recommending is port forwarding and bringing up the security issues involved with each choice. While I understand the need for a definitive answer for the larger audience I feel that ALL the suggestions will work...but end of the day it is up to the client if they are to spend more money to get there.
 So on this  question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
0
 
btanExec ConsultantCommented:
Noted and well received. if you will like to split the answer I believe the moderator can re-open for your kind allocation :)
0

Featured Post

The Firewall Audit Checklist

Preparing for a firewall audit today is almost impossible.
AlgoSec, together with some of the largest global organizations and auditors, has created a checklist to follow when preparing for your firewall audit. Simplify risk mitigation while staying compliant all of the time!

  • 4
  • 3
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now