Any firewall configuration that locks down all unnecessary ports and services, especially those that are a major threat, and any ports that are open have to have secure software with no known remote exploits. Web applications are extensively tested to ensure that no SQL injection, cross-site scripting or other remote exploits can be done, as well as prohibiting/limiting data disclosure of any type. Say if you are running with a SQL database, any error messages should NEVER disclose anything database related, not even so much as possibly hinting what type of database or SQL query might have been executed. Things that do not prohibit PCI compliance but are flagged as possible PCI compliance issues are "silly" things like robots.txt files (could provide information disclosure on where administration pages etc. are located). If a web page that looks like it handles logins can be accessed without an SSL cert it will be flagged and could possibly give you a PCI compliance failure.
Most of the things to become PCI compliant involve securing servers, access to servers and who can access the data on the servers. Ensure servers and web apps are patched and secure, and that minimal data can be retrieved from the server or web application. That you have written policies stating who is allowed to do what, not using manufacturer default passwords, each user has their own username/password and finally a written policy on what to do in case of a breach. Most of this is all "obvious" security measures anyone should do, but you have to answer a ton of questions and sign that you answered them truthfully, and an external audit of the servers has been done and passed.

/ Eje

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Josh Luthman
Sent: Friday, April 02, 2010 9:00 AM
To: WISPA General List
Subject: Re: [WISPA] PCI Compliance

That would satisfy the firewall. Though I have to wonder what firewall config satisfies for compliance.

On 4/2/10, RickG <[email protected]> wrote:
> Correct, no storage. I'm thinking an RB750?
>
> On Fri, Apr 2, 2010 at 2:29 AM, Josh Luthman
> <[email protected]> wrote:
>> No experience just thoughts.
>>
>> http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
>>
>> Would make sense to use a MT, put a nice firewall template (hence the
>> first requirement) and then the other generic things everyone should
>> do. I would have to guess BK doesn't store card information.
>> Processing security relies on the card processor, would it not?
>>
>> On 4/2/10, RickG <[email protected]> wrote:
>>> Email from my brother:
>>>
>>> Just got a letter from our credit card processor and we need to become
>>> PCI compliant. I noticed these routers I'm using from Qwest don't have
>>> a firewall. Do I go software, hardware or both? Here is the link for
>>> our routers.
>>> http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html
>>>
>>> He handles IT for 27 BK's in Denver. Thoughts?
>>>
>>> --------------------------------------------------------------------------------
>>> WISPA Wants You! Join today!
>>> http://signup.wispa.org/
>>> --------------------------------------------------------------------------------
>>>
>>> WISPA Wireless List: [email protected]
>>>
>>> Subscribe/Unsubscribe:
>>> http://lists.wispa.org/mailman/listinfo/wireless
>>>
>>> Archives: http://lists.wispa.org/pipermail/wireless/
>>>
>>
>> --
>> Josh Luthman
>> Office: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>> Success is not final, failure is not fatal: it is the courage to
>> continue that counts.
>> --- Winston Churchill
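A worked illustration of the error-disclosure point in Eje's reply, as an added example that is not code from the thread: a login lookup that echoes the driver's exception (and concatenates the username into SQL) beside a hardened version that uses a parameterised query, logs the detail server-side only, and returns a uniform generic message. It assumes an in-memory SQLite table as a constructed stand-in for the real database.

```python
import logging
import sqlite3

log = logging.getLogger("app")

# Strings that, if they reach a client, hint at the engine or the query.
DISCLOSURE_MARKERS = ("sqlite", "syntax error", "select", "error:")


def make_db():
    """Constructed in-memory database standing in for the real one."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'hash-placeholder')")
    return db


def login_leaky(db, username):
    """Vulnerable: builds SQL by concatenation and echoes the exception
    class and text to the client, revealing engine and query shape."""
    try:
        sql = "SELECT pw_hash FROM users WHERE name = '" + username + "'"
        row = db.execute(sql).fetchone()
        return 200, ("ok" if row else "no such user")
    except sqlite3.Error as exc:
        # Leaks e.g. 'OperationalError: near "...": syntax error'
        return 500, "%s: %s" % (exc.__class__.__name__, exc)


def login_hardened(db, username):
    """Hardened: parameterised query; any failure is logged on the server
    and the client sees only a generic, uniform message."""
    try:
        row = db.execute(
            "SELECT pw_hash FROM users WHERE name = ?", (username,)
        ).fetchone()
        return 200, ("ok" if row else "invalid credentials")
    except sqlite3.Error:
        log.exception("login query failed")  # full detail stays in the log
        return 500, "an internal error occurred"


def discloses_db(message):
    """True if a client-visible message contains a database hint."""
    lowered = message.lower()
    return any(marker in lowered for marker in DISCLOSURE_MARKERS)
```

Feeding a username containing a single quote (for example `O'Brien`) to both handlers shows the leaky one returning a 500 with the driver's message while the hardened one simply reports invalid credentials.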
