Need to Whitelist several IP addresses using Arris NVG589

I need to whitelist several IP addresses to acquire PCI compliance for my in-home business.  My router is an Arris NVG589.  How do I do that with this router/modem?

Thanks!
Mark Litin (Owner) Asked:

masnrock Commented:
You really don't need to do anything unless you have some existing incoming rules that are tied to specific IP addresses. Generally, a lot of small businesses don't have this going on, so you should be fine as is.

But the closest type of stuff would be located under Firewall > Packet Filter. Again, I would advise against doing that unless the circumstance I previously mentioned applies. External PCI scans are supposed to test existing security measures, granted their main concern actually ties around which ports you have open.
0
Mark Litin (Owner, Author) Commented:
Thanks.

The packet filters look promising.  The reason the failed PCI scans give is the network to be scanned cannot be reached.  New PCI compliance requirements are stepping up the scanning access, I guess.
0
masnrock Commented:
Do you have any existing port forwarding rules? It sounds like you don't. If that is the case, talk to the scanning vendor about that. It wouldn't make sense to allow connections then suddenly fail because of that. Exemptions can be granted under certain circumstances, and you just may fall in one.

If you cannot get an exemption, then a more logical approach would be to get in contact with AT&T. It's going to be one of two things: needing to get a static IP address if you don't have one already, or an issue involving the router itself (I've seen routers and firewalls that just did not play nice with PCI scans).

The only time whitelisting really becomes needed is when you restrict open ports by IP. However, vendors never explain that piece out. So there isn't a new rule, but the reasoning behind whitelisting is just poorly explained.
0
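An added example, not part of the original thread: the point made above, that whitelisting only matters where an open port is already restricted by source IP, expressed as a check over a hand-transcribed rule list. The rule fields (`name`, `port`, `allowed_sources`) and all addresses are hypothetical; the ranges are documentation addresses, not any scanning vendor's.

```python
import ipaddress

# Constructed sample data (documentation ranges, not a real scanner's).
SCANNER_RANGES = ["198.51.100.0/28", "203.0.113.64/27"]

# Constructed inbound rules, as one might copy them by hand from a router's
# port-forwarding / packet-filter pages. allowed_sources=None means "any source".
RULES = [
    {"name": "pos-terminal", "port": 8443,
     "allowed_sources": ["198.51.100.0/28", "192.0.2.10/32"]},
    {"name": "web", "port": 443, "allowed_sources": None},
]


def covered(network, allowed):
    """True if `network` lies entirely inside the union of `allowed` networks."""
    base = list(ipaddress.collapse_addresses(allowed))
    # If adding the network does not change the collapsed set, it was covered.
    return list(ipaddress.collapse_addresses(allowed + [network])) == base


def whitelist_gaps(rules, scanner_ranges):
    """Map rule name -> scanner ranges that a source-restricted rule excludes.

    Rules open to any source are skipped (the scanner can already reach them),
    and an empty rule list yields no gaps: there is nothing to whitelist.
    """
    scanners = [ipaddress.ip_network(r) for r in scanner_ranges]
    gaps = {}
    for rule in rules:
        if rule["allowed_sources"] is None:
            continue
        allowed = [ipaddress.ip_network(s) for s in rule["allowed_sources"]]
        missing = [str(s) for s in scanners if not covered(s, allowed)]
        if missing:
            gaps[rule["name"]] = missing
    return gaps


if __name__ == "__main__":
    for name, missing in whitelist_gaps(RULES, SCANNER_RANGES).items():
        print(f"{name}: scanner ranges not allowed: {', '.join(missing)}")
```

An empty result with no inbound rules at all matches the situation described in this thread: there is no source restriction for a whitelist entry to relax.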
Mark Litin (Owner, Author) Commented:
No existing rules in place.  The only thing I think they need is access through the firewall to the network itself to scan the CC processing in place on the network.

Opening them up on Tuesday.  I'll write back the results.
0
masnrock Commented:
There shouldn't be anything to open then. I would recommend talking to the PCI scanning vendor. Since there are no open ports and there are no explicit blocks, it makes no sense to open up anything.
0
Mark Litin (Owner, Author) Commented:
Hi.  

An update...

Doing what the PCI Compliance company specified, in this case opening the IP addresses in the Windows Firewall, still resulted in a failed scan.  So I'm assuming the router itself is at play, and replacement for a newer model has been ordered.

More mid next week when it is expected to be around and it can be installed and tested.

Thanks, all, for your attention.
0
masnrock Commented:
You're quite welcome. I'll await your next post.
0
Mark Litin (Owner, Author) Commented:
Hi All

The ATT router has been replaced and I have done everything the PCI compliance group has requested and still the scan fails.  So I will now enlist the PCI compliance group to either help this get resolved or file a dispute.  I should probably close this in the interim, so thanks tons for your assist.
0
masnrock Commented:
You're quite welcome. Sorry the issues still exist. Don't have anything whitelisted for them and try to have the PCI vendor grant an exception. The way you initially had things set was the right way. Don't be afraid to post again if more assistance becomes needed.
0
Mark Litin (Owner, Author) Commented:
Thanks much.  Will do.
0