Is there such a thing as a PCI Compliant Router? No, not in the out of the box model sense of the question. The validity of how "PCI Compliant" a router is relates to the programming of the individual router as it pertains to securing the network.
First off, who needs to worry about having a PCI Compliant router? A good place to start is to ask yourself if your business accepts and/or stores credit card information. PCI stands for Payment Card Industry Data Security Standard (PCI DSS), but most people just say "PCI" for short. To read more about the actual standard, I'll refer the readers to the Wikipedia article on "PCI Compliance".
If your business does accept credit cards or stores credit card information of clients, then the next stop would be to speak to your specific credit card processing company to see what they require. Some require compliance even if you only utilize a credit card swipe machine in the premise where others require it only if you are storing credit card information on a server or in a database application.
Once you have determined that your business location(s) is required to pass PCI Compliance testing, then your next step is to make sure you have a good business level router in place. I prefer using an ADTRAN router for this need, but as mentioned in the beginning, the level of PCI Compliance rests in programming of the router which most people will require a qualified Indianapolis IT Support professional to do.
In general, the router programming consists of closing open ports typically utilized by hackers to exploit the security of a network. Shutting down unnecessary and insecure services are also required. Making sure the router is running the most updated firmware and service version can also be a requirement. For instance during one PCI compliance project I worked on recently, the client utilized a router and firewall that was based on a Linux OS distribution. The testing agency hired by the credit card company kept failing the security test, because the version of the telnet service was outdated and considered a security risk. Unfortunately we were not able to update the telnet service version on this particular router, but we did manage to utilize more secure remote access methods which allowed us to shut down the externally facing telnet service, hence ultimately passing the security test. Eventhough access control lists (ACL) were utilized to protect the telnet service on the router, the testing agency required adding their tesing server to the ACL which forced a greater level of security in the end on the router.
Making a network PCI Compliant is a good step no matter if your particular credit card processor requires it or not. It is a sound, secure practice of making sure your particular network, servers, and devices are not vulnerable to know security risks. Good network security goes far beyond PCI Compliance, but it is always a good place to start.
Please contact us if you have been told by your credit card processing company that your network is required to be PCI Compliant. Our Indianapolis IT Support professionals can help your business achieve its PCI Compliance Indiana approval through proper router selection and programming.
If you liked this Blog Post, then check out The Interconnect Group other Blog Posts:
First off, who needs to worry about having a PCI Compliant router? A good place to start is to ask yourself if your business accepts and/or stores credit card information. PCI stands for Payment Card Industry Data Security Standard (PCI DSS), but most people just say "PCI" for short. To read more about the actual standard, I'll refer the readers to the Wikipedia article on "PCI Compliance".
If your business does accept credit cards or stores credit card information of clients, then the next stop would be to speak to your specific credit card processing company to see what they require. Some require compliance even if you only utilize a credit card swipe machine in the premise where others require it only if you are storing credit card information on a server or in a database application.
Once you have determined that your business location(s) is required to pass PCI Compliance testing, then your next step is to make sure you have a good business level router in place. I prefer using an ADTRAN router for this need, but as mentioned in the beginning, the level of PCI Compliance rests in programming of the router which most people will require a qualified Indianapolis IT Support professional to do.
In general, the router programming consists of closing open ports typically utilized by hackers to exploit the security of a network. Shutting down unnecessary and insecure services are also required. Making sure the router is running the most updated firmware and service version can also be a requirement. For instance during one PCI compliance project I worked on recently, the client utilized a router and firewall that was based on a Linux OS distribution. The testing agency hired by the credit card company kept failing the security test, because the version of the telnet service was outdated and considered a security risk. Unfortunately we were not able to update the telnet service version on this particular router, but we did manage to utilize more secure remote access methods which allowed us to shut down the externally facing telnet service, hence ultimately passing the security test. Eventhough access control lists (ACL) were utilized to protect the telnet service on the router, the testing agency required adding their tesing server to the ACL which forced a greater level of security in the end on the router.
Making a network PCI Compliant is a good step no matter if your particular credit card processor requires it or not. It is a sound, secure practice of making sure your particular network, servers, and devices are not vulnerable to know security risks. Good network security goes far beyond PCI Compliance, but it is always a good place to start.Please contact us if you have been told by your credit card processing company that your network is required to be PCI Compliant. Our Indianapolis IT Support professionals can help your business achieve its PCI Compliance Indiana approval through proper router selection and programming.
If you liked this Blog Post, then check out The Interconnect Group other Blog Posts:
- Has Your IT Rack Gotten Out Of Hand
- Wireless 3G Networks...Which one do you choose?
- Get Empowered with Oracle Software Products
- Benefits of Volume Licensing
- 10 Handy and Free Software Programs
- 5 More Features of Windows 7
- Free Microsoft Antivirus Software
Powered by Compendium
Comments for What is a PCI Compliant Router?