[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

Separate Credit Card Machines for PCI Compliance

I have a customer that fails the PCI Compliance scan.  There is an in-house SBS server with the typical 80, 25, 443, 3389, etc ports necessary for SBS but the PCI Compliance scan sees all these as vulnerabilities.

- The customer does have available public static IP's
- The customer has a SonicWall Firewall TZ105
- The credit card machines are connected to the network wirelessly via Ubiquiti access points

Is there a way I can separate these two credit card machines on a separate network using an available public static IP?
0
ptsolutionsinc
Asked:
ptsolutionsinc
  • 2
2 Solutions
 
masnrockCommented:
Yes. You can create a separate subnet on an available interface, then create NAT rules so that the traffic translates to the available public IP. You also need to make sure that the two subnets cannot communicate with one another.

You can also accomplish this with VLANs. You will need to make sure the right switch port is configured for the right network.

I have done this a few times for compliance. Does the credit card machine communicate with any applications?
0
 
eeRootCommented:
The firewall should have the ability to create a separate non-routed VLAN that the access and point and credit card readers can be placed into.  Do you know whet the credit card readers need to communicate with?
0
 
ptsolutionsincAuthor Commented:
OK I follow both of you on your recommendations but the credit card readers are connected to the office WiFi, there are no physical LAN connections.   I am think of buying an inexpensive wireless router, connect it to the separate sonicwall vlan/subnet and connect the wireless credit card machines to this new router.
0
 
masnrockCommented:
That's one way to do it. And it is simple. But like I mentioned, make sure that you create NAT policies for the new subnet you set up. And also to update the IP address that your PCI scans check.
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now