• Status: Solved

Need to Whitelist several IP addresses using Arris NVG589

I need to whitelist several IP addresses to acquire PCI compliance for my in-home business. My router is an Arris NVG589. How to do that with this router/modem?

Thanks!
Mark Litin
1 Solution
 
masnrock Commented:
You really don't need to do anything unless you have some existing incoming rules that are tied to specific IP addresses. Generally, a lot of small businesses don't have this going on, so you should be fine as is.

But the closest type of stuff would be located under Firewall > Packet Filter. Again, I would advise against doing that unless the circumstance I previously mentioned applies. External PCI scans are supposed to test existing security measures, granted their main concern actually ties around which ports you have open.
 
Mark Litin (Owner, Author) Commented:
Thanks.

The packet filters look promising.  The reason the failed PCI scans give is the network to be scanned cannot be reached.  New PCI compliance requirements are stepping up the scanning access, I guess.
 
masnrock Commented:
Do you have any existing port forwarding rules? It sounds like you don't. If that is the case, talk to the scanning vendor about that. It wouldn't make sense to allow connections then suddenly fail because of that. Exemptions can be granted under certain circumstances, and you just may fall in one.

If you cannot get an exemption, then a more logical approach would be to get in contact with AT&T. It's going to be one of two things: needing to get a static IP address if you don't have one already, or an issue involving the router itself (I've seen routers and firewalls that just did not play nice with PCI scans).

The only time whitelisting really becomes needed is when you restrict open ports by IP. However, vendors never explain that piece out. So there isn't a new rule, but the reasoning behind whitelisting is just poorly explained.
 
Mark Litin (Owner, Author) Commented:
No existing rules in place.  The only thing I think they need is access through the firewall to the network itself to scan the CC processing in place on the network.

Opening them up on Tuesday.  I'll write back the results.
 
masnrock Commented:
There shouldn't be anything to open then. I would recommend talking to the PCI scanning vendor. Since there are no open ports and there are no explicit blocks, it makes no sense to open up anything.
 
Mark Litin (Owner, Author) Commented:
Hi.  

An update...

Doing what the PCI Compliance company specified, in this case opening the IP addresses in the Windows Firewall, still resulted in a failed scan. So I'm assuming the router itself is at play, and replacement for a newer model has been ordered.

More mid next week when it is expected to be around and it can be installed and tested.

Thanks, all, for your attention.
 
masnrock Commented:
You're quite welcome. I'll await your next post.
 
Mark Litin (Owner, Author) Commented:
Hi All

The ATT router has been replaced and I have done everything the PCI compliance group has requested and still the scan fails.  So I will now enlist the PCI compliance group to either help this get resolved or file a dispute.  I should probably close this in the interim, so thanks tons for your assist.
 
masnrock Commented:
You're quite welcome. Sorry the issues still exist. Don't have anything whitelisted for them and try to have the PCI vendor grant an exception. The way you initially had things set was the right way. Don't be afraid to post again if more assistance becomes needed.
 
Mark Litin (Owner, Author) Commented:
Thanks much.  Will do.
Question has a verified solution.