*>>Do I need to install physical firewalls between my LAN wireless access points and the rest of the LAN?*
Yes, particularly that portion of the LAN that holds the systems where cardholder data is stored.

To the extent that your wireless network segment is completely separate from your production or corporate LAN, you are already meeting this requirement. If users of your wireless segment must use a VPN to get into your corporate network, then your work on this issue is done.

Are you working with any organizations to assist you in PCI compliance?

*ASB*
(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Providing Competitive Advantage through Effective IT Leadership*

On Tue, Nov 24, 2009 at 5:18 AM, Mark Robinson <[email protected]> wrote:

> Hi,
>
> I wonder if anyone can help please? I am currently further securing our
> network to ensure PCI DSS compliancy and I am struggling to find a clear
> explanation of the following requirement:
>
> *PCI DSS Requirement 1.2.3*
>
> Install perimeter firewalls between any wireless networks and the
> cardholder data environment, and configure these firewalls to deny or
> control (if such traffic is necessary for business purposes) any traffic
> from the wireless environment into the cardholder data environment.
>
> *Testing Procedure*
>
> Verify that there are perimeter firewalls installed between any wireless
> networks and systems that store cardholder data, and that these firewalls
> deny or control (if such traffic is necessary for business purposes) any
> traffic from the wireless environment into the cardholder data environment.
>
> Has anyone else gone through the compliancy process and can they clarify
> this step please?! Do I need to install physical firewalls between my LAN
> wireless access points and the rest of the LAN? I have a wireless ADSL
> network that is used to allow visitors to connect to the internet and this
> is completely independent from my LAN. I'm not sure which of these entities
> this rule applies to.
>
> Any assistance will be gratefully received!
>
> Many thanks,
>
> Mark
>
> Mark Robinson
> IT Technical Support Analyst
> The Chartered Institute of Purchasing & Supply
> Tel: +44 (0) 1780 761526 Fax: +44 (0) 1780 751610
> www.cips.org
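
The testing procedure quoted in this thread ("deny or control ... any traffic from the wireless environment into the cardholder data environment") can be checked mechanically against an exported rule list. The following is an added example, not part of the original thread: the subnets, the `Rule` fields and the sample rule sets are constructed, and it assumes a simplified ordered, first-match firewall in which a port of `None` means any port.

```python
import ipaddress
from typing import NamedTuple, Optional

WIRELESS = "10.20.0.0/24"  # constructed sample subnets, not from the thread
CDE = "10.50.0.0/24"

class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    port: Optional[int]      # None = any port
    justification: str = ""  # documented business need, if any

def _net(cidr):
    return ipaddress.ip_network(cidr)

def audit(rules, wireless=WIRELESS, cde=CDE):
    """Walk an ordered rule list and report wireless->CDE exposure.

    Conservative: earlier narrow denies are not treated as shadowing later
    allows, so the audit may over-report but never hides an allow rule.
    """
    findings = []
    for i, r in enumerate(rules):
        if not (_net(r.src).overlaps(_net(wireless)) and _net(r.dst).overlaps(_net(cde))):
            continue  # rule cannot match wireless->CDE traffic
        if r.action == "deny":
            covers_all = (r.port is None and _net(wireless).subnet_of(_net(r.src))
                          and _net(cde).subnet_of(_net(r.dst)))
            if covers_all:
                return findings  # anything not matched earlier is denied here
            continue
        if r.port is None:
            findings.append((i, "FAIL: allows all ports from wireless into CDE"))
        elif not r.justification:
            findings.append((i, f"FAIL: port {r.port} allowed with no documented business need"))
        else:
            findings.append((i, f"REVIEW: port {r.port} allowed ({r.justification})"))
    findings.append((len(rules), "FAIL: no deny rule covers all wireless->CDE traffic"))
    return findings

# Constructed rule sets: a segmented network and a flat internal LAN.
SEGMENTED = [
    Rule("allow", WIRELESS, "10.50.0.10/32", 443, "handheld terminals to payment app"),
    Rule("deny", WIRELESS, CDE, None),
    Rule("allow", WIRELESS, "0.0.0.0/0", None),  # internet access for wireless users
]
FLAT = [
    Rule("allow", "10.0.0.0/8", "10.0.0.0/8", None),
    Rule("deny", "0.0.0.0/0", "0.0.0.0/0", None),
]

if __name__ == "__main__":
    for name, rules in (("segmented", SEGMENTED), ("flat", FLAT)):
        print(name, audit(rules))
```
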
