Solved

Separate Credit Card Machines for PCI Compliance

Posted on 2016-10-08
4
112 Views
Last Modified: 2016-11-04
I have a customer that fails the PCI Compliance scan.  There is an in-house SBS server with the typical 80, 25, 443, 3389, etc ports necessary for SBS but the PCI Compliance scan sees all these as vulnerabilities.

- The customer does have available public static IP's
- The customer has a SonicWall Firewall TZ105
- The credit card machines are connected to the network wirelessly via Ubiquiti access points

Is there a way I can separate these two credit card machines on a separate network using an available public static IP?
0
Comment
Question by:ptsolutionsinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 28

Accepted Solution

by:
masnrock earned 500 total points
ID: 41835522
Yes. You can create a separate subnet on an available interface, then create NAT rules so that the traffic translates to the available public IP. You also need to make sure that the two subnets cannot communicate with one another.

You can also accomplish this with VLANs. You will need to make sure the right switch port is configured for the right network.

I have done this a few times for compliance. Does the credit card machine communicate with any applications?
0
 
LVL 22

Expert Comment

by:eeRoot
ID: 41836021
The firewall should have the ability to create a separate non-routed VLAN that the access and point and credit card readers can be placed into.  Do you know whet the credit card readers need to communicate with?
0
 

Author Comment

by:ptsolutionsinc
ID: 41837579
OK I follow both of you on your recommendations but the credit card readers are connected to the office WiFi, there are no physical LAN connections.   I am think of buying an inexpensive wireless router, connect it to the separate sonicwall vlan/subnet and connect the wireless credit card machines to this new router.
0
 
LVL 28

Assisted Solution

by:masnrock
masnrock earned 500 total points
ID: 41837599
That's one way to do it. And it is simple. But like I mentioned, make sure that you create NAT policies for the new subnet you set up. And also to update the IP address that your PCI scans check.
0

Featured Post

The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question