<div>
<div class="content wysiwyg-content">
I have a network that I am working on and it is shown below:<br />
<br />
<br />
[Credit Card Machine]----------------Pr<wbr />ivate dedicated fiber line---------[Server]-----<wbr />----[FW]--<wbr />------[Cab<wbr />le Modem]<br />
<br />
The fiber is dedicated and is connected to the server that hosts a VMware vm that the third party payment processor gave us. From this server it is connected to a Linksys router/FW and out to the internet. &nbsp;What is exactly in scope here for PCI compliance? &nbsp;I don't believe we are storing any credit card information on the server but I am not certain since I just started work on this.<br />
<br />
Also what other options exists for getting the data to the third party processor as we are looking to eliminate the fiber line and the server?<br />
<br />
Thanks
</div>
</div>


I have a network that I am working on and it is shown below:


[Credit Card Machine]----------------Private dedicated fiber line---------[Server]---------[FW]--------[Cable Modem]

The fiber is dedicated and is connected to the server that hosts a VMware vm that the third party payment processor gave us. From this server it is connected to a Linksys router/FW and out to the internet.  What is exactly in scope here for PCI compliance?  I don't believe we are storing any credit card information on the server but I am not certain since I just started work on this.

Also what other options exists for getting the data to the third party processor as we are looking to eliminate the fiber line and the server?

Thanks

What is in scope for PCI compliance on this network?

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.

Vulnerabilities

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.