The key is to prevent direct access from any WLAN segments into the cardholder data area.

*ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
*Providing Competitive Advantage through Effective IT Leadership*

On Tue, Nov 24, 2009 at 7:48 AM, Mike Semon <[email protected]> wrote:

> In some cases now I believe you can use router ACLs instead of
> firewalls. Check the PCI DSS site for more info.
>
> -Mike
>
> ------------------------------
>
> *From:* Mark Robinson [mailto:[email protected]]
> *Sent:* Tuesday, November 24, 2009 6:03 AM
> *To:* NT System Admin Issues
> *Subject:* RE: PCI DSS Compliancy
>
> Hi,
>
> Thanks for your reply. No I am not working with an organization, I kinda
> hoped I could do this for as little cost as possible!
>
> I have two wireless LAN access points so it’s looking like I will need
> Firewall protection for each access point.
>
> Thanks again.
>
> Mark
>
> *From:* Andrew S. Baker [mailto:[email protected]]
> *Sent:* 24 November 2009 11:49
> *To:* NT System Admin Issues
> *Subject:* Re: PCI DSS Compliancy
>
> *>>Do I need to install physical firewalls between my LAN wireless access
> points and the rest of the LAN?*
>
> Yes, particularly that portion of the LAN that holds the systems where
> cardholder data is stored.
>
> To the extent that your wireless network segment is completely separate
> from your production or corporate LAN, you are already meeting this
> requirement. If users of your wireless segment must use a VPN to get into
> your corporate network, then your work on this issue is done.
>
> Are you working with any organizations to assist you in PCI compliance?
>
> *ASB* (My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> *Providing Competitive Advantage through Effective IT Leadership*
>
> On Tue, Nov 24, 2009 at 5:18 AM, Mark Robinson <[email protected]>
> wrote:
>
> Hi,
>
> I wonder if anyone can help please? I am currently further securing our
> network to ensure PCI DSS compliancy and I am struggling to find a clear
> explanation of the following requirement:
>
> *PCI DSS Requirement 1.2.3*
>
> *Testing Procedure*
>
> Install perimeter firewalls between any wireless networks and the
> cardholder data environment, and configure these firewalls to deny or
> control (if such traffic is necessary for business purposes) any traffic
> from the wireless environment into the cardholder data environment.
>
> Verify that there are perimeter firewalls installed between any wireless
> networks and systems that store cardholder data, and that these firewalls
> deny or control (if such traffic is necessary for business purposes) any
> traffic from the wireless environment into the cardholder data environment.
>
> Has anyone else gone through the compliancy process and can they clarify
> this step please?! Do I need to install physical firewalls between my LAN
> wireless access points and the rest of the LAN? I have a wireless ADSL
> network that is used to allow visitors to connect to the internet and this
> is completely independent from my LAN. I’m not sure which of these entities
> this rule applies to.
>
> Any assistance will be gratefully received!
>
> Many thanks,
>
> Mark
