You could simply use routing tables to block the segment... if the
main network has no route to those boxes, then they can't talk to
them.
I think I'd need to see more detail about how these systems are doing
CCauth to determine if you need more:
1. Is the CCAuth happening over the Internet?
2. Do these systems need to talk to the rest of the network?
3. Is the data accessible via physical access?
If the CCAuth systems need to access the rest of the network then you
need to do some stateful packet filtering at the router instead of
simply dropping routes. If you're sending unencrypted cc#'s over the
Internet, you have alot more issues then I can cover in an email. If
these boxes aren't locked up in a seperate room/closet with restricted
access... then you need to look at physical security as well.
Young, Beth A. writes:
> I have an unusual situation that I need help resolving.
>
> I have several physical locations (3-6 different buildings) that need a few
> workstations (like 1-3) segregated from the rest of the network. The
> workstations are doing credit-card transactions and from what we can see,
> the software doesn't encrypt the information so we need network security to
> fix the problem (why don't software companies, especially companies that
> deal with electronic commerce put in security?!? But that is another
> topic...)
>
> So, how can I segregate so few workstations without putting a firewall in
> each location? The expense of the 6 firewalls would be too costly for the
> department.
>
> Thanks for any suggestions,
> Beth
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
