PCI Compliance = Network Security!

Tuesday, September 22, 2009 by Chad Whaley
Our credit card processor decided earlier this year that our physical premises were required to meet their PCI Compliance standards.  Not a bad thing by any stretch, even though our website is hosted off premises and our credit card processing is handled via a secure card terminal.  They contracted a third party to provide the PCI Compliance testing, which included both a multiple-choice questionnaire about policy and procedures and a physical security test of our data network.

First off, you may be asking who needs to be PCI Compliant and what it is exactly.  PCI Compliance means meeting the Payment Card Industry Data Security Standard.  If you are handling credit card numbers or payments at your premises and those numbers are stored on a premises-based system or server, then you are responsible for making sure your data network is secure.  If you are using a credit card processor terminal to run your credit card numbers, then most likely that data is being stored and transmitted in a secure manner.  However, it is better to be safe than sorry.

Since we secure data networks as a part of our computer support Indiana practice, we took on the challenge as a learning opportunity to help our clients with PCI Compliance Indiana.  Our goal was to find out exactly what this third party would be scoring us on.  Although our network typically denies externally originated access for all devices other than those added to our Safe Sender List, the third party testing facility made us add their public IP address to our list in order to allow them to fully test our systems.

We utilize a MikroTik router as our main firewall/router at our office.  The MikroTik platform is based on a Linux OS and consequently utilizes a few Open Source applications.  Although our initial testing didn't turn up too many security issues, the third party testing recommended a few changes that improved our game.

A few parting thoughts with respect to the process we successfully completed:
  • Always Restrict Access Using Access Control Lists (ACL) or "Safe Sender" List
  • Stop Services Not Absolutely Necessary on your Border Router
  • Keep Router Firmware Updated (Although It Doesn't Always Equate to Security)
  • Remain Mindful of Open Source Based Code Vulnerabilities
  • Utilize Qualified IT Network Support Resources To Setup Critical Devices
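The parting thoughts above map directly onto a handful of RouterOS commands.  The following fragment is an added example written for this post; it is not The Interconnect Group's configuration and was not provided by MikroTik.  The WAN interface name (ether1-wan), the address-list name (safe-senders), the management subnet (192.168.88.0/24) and every public address (from the 203.0.113.0/24 documentation range) are assumptions or constructed sample values, and the LAN interface list is assumed to exist as in the RouterOS default configuration.

```routeros
# Added example: border-router hardening fragment for MikroTik RouterOS.
# Interface names, list names and all addresses below are assumptions /
# constructed sample values, not taken from the original post.

# 1. "Safe Sender" list: the only external sources allowed to reach the router.
/ip firewall address-list
add list=safe-senders address=203.0.113.10 comment="admin office (constructed sample)"
# The PCI scan vendor's public IP is admitted only for the test window.
# timeout= makes RouterOS delete the entry itself, so the exception cannot
# be forgotten once the assessment is over.
add list=safe-senders address=203.0.113.50 timeout=1d comment="PCI scan vendor (constructed sample)"

# Input chain (traffic to the router itself): keep existing sessions, drop
# invalid packets, accept the allow-list, then default-deny from the WAN.
/ip firewall filter
add chain=input connection-state=established,related action=accept comment="existing sessions"
add chain=input connection-state=invalid action=drop comment="malformed / out-of-state"
add chain=input in-interface=ether1-wan src-address-list=safe-senders action=accept comment="Safe Sender list"
add chain=input in-interface=ether1-wan action=log log-prefix="WAN-INPUT-DROP" comment="evidence for audits"
add chain=input in-interface=ether1-wan action=drop comment="default deny from WAN"

# 2. Stop services that are not absolutely necessary on a border router.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# Keep SSH and Winbox, but bind them to the management subnet only.
set ssh address=192.168.88.0/24
set winbox address=192.168.88.0/24

# Neighbor discovery and the MAC server announce the device on every port;
# confining them to the LAN list keeps that information off the WAN.
/ip neighbor discovery-settings set discover-interface-list=LAN
/tool mac-server set allowed-interface-list=LAN
/tool mac-server mac-winbox set allowed-interface-list=LAN

# 3. Firmware: see what is running and whether an update is available.
# Install only after reading the release notes; a newer version is not
# automatically a more secure one.
/system package update check-for-updates

# 4. Open Source based packages: list what is installed so unused packages
# can be disabled rather than left exposed.
/system package print
```

Order matters in the filter chain: the accept for the Safe Sender list must sit above the final drop, and the log rule sits just before the drop so that every rejected WAN connection attempt leaves a line for the assessor to review.  Checking the result from an address that is not on the list (for example, a phone on mobile data) is the quickest confirmation that the default deny is actually in effect.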
At the conclusion of our testing, we now have a successful formula for our clients to be considered PCI Compliant.  It is interesting to note that you cannot purchase a "PCI Compliant Router," because it is how that router is configured that determines its compliance.  Moral of the story: use a PCI Compliance Indiana firm such as The Interconnect Group to implement your border router, because we've been through it personally and can take the guesswork out of configuring your affordable router solutions.