Solved

Separate Credit Card Machines for PCI Compliance

Posted on 2016-10-08
4
76 Views
Last Modified: 2016-11-04
I have a customer that fails the PCI Compliance scan.  There is an in-house SBS server with the typical 80, 25, 443, 3389, etc ports necessary for SBS but the PCI Compliance scan sees all these as vulnerabilities.

- The customer does have available public static IP's
- The customer has a SonicWall Firewall TZ105
- The credit card machines are connected to the network wirelessly via Ubiquiti access points

Is there a way I can separate these two credit card machines on a separate network using an available public static IP?
0
Comment
Question by:ptsolutionsinc
  • 2
4 Comments
 
LVL 23

Accepted Solution

by:
masnrock earned 500 total points
ID: 41835522
Yes. You can create a separate subnet on an available interface, then create NAT rules so that the traffic translates to the available public IP. You also need to make sure that the two subnets cannot communicate with one another.

You can also accomplish this with VLANs. You will need to make sure the right switch port is configured for the right network.

I have done this a few times for compliance. Does the credit card machine communicate with any applications?
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 41836021
The firewall should have the ability to create a separate non-routed VLAN that the access and point and credit card readers can be placed into.  Do you know whet the credit card readers need to communicate with?
0
 

Author Comment

by:ptsolutionsinc
ID: 41837579
OK I follow both of you on your recommendations but the credit card readers are connected to the office WiFi, there are no physical LAN connections.   I am think of buying an inexpensive wireless router, connect it to the separate sonicwall vlan/subnet and connect the wireless credit card machines to this new router.
0
 
LVL 23

Assisted Solution

by:masnrock
masnrock earned 500 total points
ID: 41837599
That's one way to do it. And it is simple. But like I mentioned, make sure that you create NAT policies for the new subnet you set up. And also to update the IP address that your PCI scans check.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
CA single sign on 2 72
Intrusion detection 20 54
Do we do penetration & VA scans against SOC EVM event collector 5 66
Blocking content from YouTube 3 80
Many companies are looking to get out of the datacenter business and to services like Microsoft Azure to provide Infrastructure as a Service (IaaS) solutions for legacy client server workloads, rather than continuing to make capital investments in h…
How important is it to take extra precautions to protect your online business? These are some steps you can take to make sure you're free of any cyber crime.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now