In some cases now I believe you can use router ACLs instead of firewalls.
Check the PCI DSS site for more info.

 

-Mike

 

  _____  

From: Mark Robinson [mailto:mark.robin...@cips.org] 
Sent: Tuesday, November 24, 2009 6:03 AM
To: NT System Admin Issues
Subject: RE: PCI DSS Compliancy

 

Hi,

 

Thanks for your reply.  No, I am not working with an organization; I kinda
hoped I could do this for as little cost as possible!

 

I have two wireless LAN access points so it's looking like I will need
Firewall protection for each access point.

 

Thanks again.

 

Mark

 

 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: 24 November 2009 11:49
To: NT System Admin Issues
Subject: Re: PCI DSS Compliancy

 

>> Do I need to install physical firewalls between my LAN wireless access
>> points and the rest of the LAN?

Yes, particularly that portion of the LAN that holds the systems where
cardholder data is stored.

To the extent that your wireless network segment is completely separate from
your production or corporate LAN, you are already meeting this requirement.
If users of your wireless segment must use a VPN to get into your corporate
network, then your work on this issue is done.

Are you working with any organizations to assist you in PCI compliance?

ASB (My XeeSM Profile) <http://XeeSM.com/AndrewBaker> 
Providing Competitive Advantage through Effective IT Leadership

 

On Tue, Nov 24, 2009 at 5:18 AM, Mark Robinson <mark.robin...@cips.org>
wrote:

Hi,

 

I wonder if anyone can help please?  I am currently further securing our
network to ensure PCI DSS compliancy and I am struggling to find a clear
explanation of the following requirement:

 


PCI DSS Requirement 1.2.3:

Install perimeter firewalls between any wireless networks and the cardholder
data environment, and configure these firewalls to deny or control (if such
traffic is necessary for business purposes) any traffic from the wireless
environment into the cardholder data environment.

Testing Procedure:

Verify that there are perimeter firewalls installed between any wireless
networks and systems that store cardholder data, and that these firewalls
deny or control (if such traffic is necessary for business purposes) any
traffic from the wireless environment into the cardholder data environment.

 

Has anyone else gone through the compliancy process and can they clarify
this step please?!  Do I need to install physical firewalls between my LAN
wireless access points and the rest of the LAN?  I have a wireless ADSL
network that is used to allow visitors to connect to the internet and this
is completely independent from my LAN.  I'm not sure which of these entities
this rule applies to.

 

Any assistance will be gratefully received!

 

Many thanks,


Mark

Mark Robinson
IT Technical Support Analyst
The Chartered Institute of Purchasing & Supply
Tel: +44 (0) 1780 761526 Fax: +44 (0) 1780 751610 
www.cips.org <http://www.cips.org/> 

 

 
