Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Separate Credit Card Machines for PCI Compliance

Posted on 2016-10-08
4
Medium Priority
?
144 Views
Last Modified: 2016-11-04
I have a customer that fails the PCI Compliance scan.  There is an in-house SBS server with the typical 80, 25, 443, 3389, etc ports necessary for SBS but the PCI Compliance scan sees all these as vulnerabilities.

- The customer does have available public static IP's
- The customer has a SonicWall Firewall TZ105
- The credit card machines are connected to the network wirelessly via Ubiquiti access points

Is there a way I can separate these two credit card machines on a separate network using an available public static IP?
0
Comment
Question by:ptsolutionsinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Accepted Solution

by:
masnrock earned 2000 total points
ID: 41835522
Yes. You can create a separate subnet on an available interface, then create NAT rules so that the traffic translates to the available public IP. You also need to make sure that the two subnets cannot communicate with one another.

You can also accomplish this with VLANs. You will need to make sure the right switch port is configured for the right network.

I have done this a few times for compliance. Does the credit card machine communicate with any applications?
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 41836021
The firewall should have the ability to create a separate non-routed VLAN that the access and point and credit card readers can be placed into.  Do you know whet the credit card readers need to communicate with?
0
 
LVL 1

Author Comment

by:ptsolutionsinc
ID: 41837579
OK I follow both of you on your recommendations but the credit card readers are connected to the office WiFi, there are no physical LAN connections.   I am think of buying an inexpensive wireless router, connect it to the separate sonicwall vlan/subnet and connect the wireless credit card machines to this new router.
0
 
LVL 31

Assisted Solution

by:masnrock
masnrock earned 2000 total points
ID: 41837599
That's one way to do it. And it is simple. But like I mentioned, make sure that you create NAT policies for the new subnet you set up. And also to update the IP address that your PCI scans check.
0

Featured Post

What Is Blockchain Technology?

Blockchain is a technology that underpins the success of Bitcoin and other digital currencies, but it has uses far beyond finance. Learn how blockchain works and why it is proving disruptive to other areas of IT.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question