Compliance consisted of answering an online questionnaire and passing the scan.
Not storing customer credit card information made a big difference in lowering
the "level" of security that we had to meet (Equifax level). It made the
questionnaire part much easier to pass.

Our cable modem sends all traffic to the AirPort, which has the outside IP
address on the WAN port. It forwards the VPN packets to the macOS Server, which
has the VPN service turned on. I rechecked and there is no forwarding of the
credit card machine ports. It seems the presence of the VPN was the trick.

Keith - CDI


> On Sep 8, 2017, at 1:38 PM, Kirk Brooks via 4D_Tech <4d_tech@lists.4d.com> 
> wrote:
> 
> Hi Keith,
> I'm just getting back around to this - I like the idea of a VPN. I have
> three locations I need to accommodate and have to admit I haven't done
> anything with a VPN so if you'll allow me to ask some pretty naive
> questions:
> 
> Did you set up the VPN just within the router or get an actual VPN service
> to connect to?
> 
> I actually wanted to get some DSL lines but at a couple of locations ATT
> won't even install copper lines anymore.
> 
> Were you involved in the overall PCI certification process?
> I'm wondering about stuff like the internal paper handling aspects of the
> deal. Any insight is welcome.
> 
> Thanks much!
> 
> 
> On Thu, Sep 7, 2017 at 1:51 PM, Keith Culotta via 4D_Tech <
> 4d_tech@lists.4d.com> wrote:
> 
>> Kirk,
>> 
>> I can't say that I understand the nuances of the system to the point of
>> having any details to contribute, but after lots of trying to figure it out
>> the thing that finally allowed us to pass the scan was to use a VPN.  We
>> open only the VPN ports and the ports required by the credit card machines.
>> We use the Apple Server's VPN and an AirPort Extreme.
>> 
>> I did not think to ask the compliance people if I could register the
>> standard 4D ports with them so that having those ports open would not
>> trigger a violation.  On the other hand, I think I read that credit card
>> machines are supposed to be on a separate network anyway.  A low speed DSL
>> would work.
>> 
>> Keith - CDI
>> 
>>> On Sep 7, 2017, at 2:46 PM, Kirk Brooks via 4D_Tech <4d_tech@lists.4d.com> wrote:
>>> 
>>> If anyone has experience with successfully completing a PCI/DSS audit and
>>> certification for your network, not just the 4D part, I would really
>>> appreciate talking with you. Ping me off line.
>>> 
>>> Thanks
>>> 
>>> --
>>> Kirk Brooks
>>> San Francisco, CA
>>> =======================
>>> 
>>> *The only thing necessary for the triumph of evil is for good men to do
>>> nothing.*
>>> 
>>> *- Edmund Burke*
>>> **********************************************************************
>>> 4D Internet Users Group (4D iNUG)
>>> FAQ:  http://lists.4d.com/faqnug.html
>>> Archive:  http://lists.4d.com/archives.html
>>> Options: http://lists.4d.com/mailman/options/4d_tech
>>> Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
>>> **********************************************************************
>> 
> 
> 
> 
> -- 
> Kirk Brooks
> San Francisco, CA
> =======================
> 
> *The only thing necessary for the triumph of evil is for good men to do
> nothing.*
> 
> *- Edmund Burke*
