Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 224
  • Last Modified:

Separate Credit Card Machines for PCI Compliance

I have a customer that fails the PCI Compliance scan.  There is an in-house SBS server with the typical 80, 25, 443, 3389, etc ports necessary for SBS but the PCI Compliance scan sees all these as vulnerabilities.

- The customer does have available public static IP's
- The customer has a SonicWall Firewall TZ105
- The credit card machines are connected to the network wirelessly via Ubiquiti access points

Is there a way I can separate these two credit card machines on a separate network using an available public static IP?
0
ptsolutionsinc
Asked:
ptsolutionsinc
  • 2
2 Solutions
 
masnrockCommented:
Yes. You can create a separate subnet on an available interface, then create NAT rules so that the traffic translates to the available public IP. You also need to make sure that the two subnets cannot communicate with one another.

You can also accomplish this with VLANs. You will need to make sure the right switch port is configured for the right network.

I have done this a few times for compliance. Does the credit card machine communicate with any applications?
0
 
eeRootCommented:
The firewall should have the ability to create a separate non-routed VLAN that the access and point and credit card readers can be placed into.  Do you know whet the credit card readers need to communicate with?
0
 
ptsolutionsincAuthor Commented:
OK I follow both of you on your recommendations but the credit card readers are connected to the office WiFi, there are no physical LAN connections.   I am think of buying an inexpensive wireless router, connect it to the separate sonicwall vlan/subnet and connect the wireless credit card machines to this new router.
0
 
masnrockCommented:
That's one way to do it. And it is simple. But like I mentioned, make sure that you create NAT policies for the new subnet you set up. And also to update the IP address that your PCI scans check.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now