Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Firewall-Harware to Bypass-Bridge

Posted on 2014-03-01
12
Medium Priority
?
353 Views
Last Modified: 2014-03-04
so a client i know is adding a vending machine to their lunch room that requires connection to the network for payment options. Is there a piece of hardware that can be purchased to attach to "atm" that will bypass the firewall security of their Network. apparently it is being blocked by their firewall....any suggestions....you would think that said vending mach. vendors would have this info....thx
0
Comment
Question by:gstevederby
  • 4
  • 3
  • 3
  • +1
12 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 39898673
basically, you just want to connect this ATM directly to the internet, by bypassing the client's existing firewall?
0
 

Author Comment

by:gstevederby
ID: 39898788
yes
0
 
LVL 32

Expert Comment

by:_
ID: 39898835
Did you try putting it's address in the DMZ?
0
Lessons on Wi-Fi & Recommendations on KRACK

Simplicity and security can be a difficult  balance for any business to tackle. Join us on December 6th for a look at your company's biggest security gap. We will also address the most recent attack, "KRACK" and provide recommendations on how to secure your Wi-Fi network today!

 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 39899279
if the client's firewall does provide a DMZ zone, Coral47's suggestion is the way to go.

if not, enable port forwarding on the firewall to allow required ports to be remapped to the ATM on an internal IP.

actually, if the client's ISP could offer one more public IP address, the most simple way is to put small switch before the firewall and connect the ATM to the switch to make sure the ATM is physically sepaeated from the client's network.
0
 
LVL 32

Expert Comment

by:_
ID: 39899306
>> ...if the client's ISP could offer one more public IP address...

Good idea. Definitely the way to go, if possible.
0
 
LVL 65

Expert Comment

by:btan
ID: 39899568
also to note that likely the PCI DSS compliance may need to be considered such as end to end encryption to ensure the confidentiality of the credit info in transit and data at rest/data in use in the vendor mach, if applicable. so besides bypassing the FW, this has to be taken into consideration. there may be a vpn tunnel end to end and terminate at the FW (assuming that is the perimeter for all payment services including that "atm")
0
 
LVL 37

Expert Comment

by:bbao
ID: 39899591
> likely the PCI DSS compliance may need to be considered
> besides bypassing the FW, this has to be taken into consideration.
> a vpn tunnel end to end and terminate at the FW.

yes PCI DSS and all related security standards should be followed but i would say those are all the ATM vendor's responsibility, not the party that just provides the space.

is your client the owner of this ATM? if yes, you really need to consider breadtan's suggestions.
0
 
LVL 65

Expert Comment

by:btan
ID: 39900385
indeed as bbao shared. Also if vendor machine has those credit card details of the end user stored on that machine  (which i supposed not by default and not recommended) then this has to be factor to ensure confidentiality as well. This is not necessary the ATM onus since they do not own those machine and just serving as 3rd party payment services. The project team need to have oversight of the whole ecosystem in the various system and their interfaces.

Even the PCI DSS may implicate your overall design and by having not those sensitive data and offloading those to payment service to address it will scope down your service security requirement. We should apprise the stakeholder collectively to make a complete assessment of the designed security service offering. Just another few cents worth...keep the design simple and complexity is enemy to security
0
 

Author Closing Comment

by:gstevederby
ID: 39902476
all very good ideas, i will run them past the powers to be for decision...thank you all
0
 
LVL 65

Expert Comment

by:btan
ID: 39903058
glad to help but suggest if answers help have assisted it is good to point out so that others can benefit when they chanced on this solved question. Helped to make informed decision on the larger user base :) Nonetheless, thanks!
0
 

Author Comment

by:gstevederby
ID: 39904178
The problem is as a consultant I can only recommend what the client should do , ultimately it is up to the company if they want to invest in purchase of another isp line or add hub. What I am recommending is port forwarding and bringing up the security issues involved with each choice. While I understand the need for a definitive answer for the larger audience I feel that ALL the suggestions will work...but end of the day it is up to the client if they are to spend more money to get there.
 So on this  question that is the best i can say Unfortunately. Prob. should have split the points awarded in this answer...and as you mentioned, keep it simple..thanks again
0
 
LVL 65

Expert Comment

by:btan
ID: 39905158
Noted and well received. if you will like to split the answer I believe the moderator can re-open for your kind allocation :)
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Before I go to far, let's explain HA (High Availability) and why you should consider it.  High availability is the mechanism used to provide redundancy to any service at the same site and appears as a single service to the users of that service.  As…
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question