At least try to get an assessment done by an external organization.  They
might even help you to narrow the scope of the environment that pertains to
PCI, such that you can address a more compact area.

Better to spend a little money to save a lot of liability...

-ASB: http://XeeSM.com/AndrewBaker


On Tue, Nov 24, 2009 at 7:02 AM, Mark Robinson <mark.robin...@cips.org> wrote:

>  Hi,
>
>
>
> Thanks for your reply.  No I am not working with an organization, I kinda
> hoped I could do this for as little cost as possible!
>
>
>
> I have two wireless LAN access points so it’s looking like I will need
> Firewall protection for each access point.
>
>
>
> Thanks again.
>
>
>
> Mark
>
>
>
>
>
>
>
> *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
> *Sent:* 24 November 2009 11:49
> *To:* NT System Admin Issues
> *Subject:* Re: PCI DSS Compliancy
>
>
>
> *>>Do I need to install physical firewalls between my LAN wireless access
> points and the rest of the LAN?*
>
> Yes, particularly that portion of the LAN that holds the systems where
> cardholder data is stored.
>
> To the extent that your wireless network segment is completely separate
> from your production or corporate LAN, you are already meeting this
> requirement.  If users of your wireless segment must use a VPN to get into
> your corporate network, then your work on this issue is done.
>
> Are you working with any organizations to assist you in PCI compliance?
>
> *ASB *(My XeeSM Profile) <http://XeeSM.com/AndrewBaker>
> *Providing Competitive Advantage through Effective IT Leadership*
>
>
>
> On Tue, Nov 24, 2009 at 5:18 AM, Mark Robinson <mark.robin...@cips.org>
> wrote:
>
> Hi,
>
>
>
> I wonder if anyone can help please?  I am currently further securing our
> network to ensure PCI DSS compliancy and I am struggling to find a clear
> explanation of the following requirement:
>
>
>
> *PCI DSS Requirement 1.2.3*
>
> *Testing Procedure*
>
> Install perimeter firewalls between any wireless networks and the
> cardholder data environment, and configure these firewalls to deny or
> control (if such traffic is necessary for business purposes) any traffic
> from the wireless environment into the cardholder data environment.
>
> Verify that there are perimeter firewalls installed between any wireless
> networks and systems that store cardholder data, and that these firewalls
> deny or control (if such traffic is necessary for business purposes) any
> traffic from the wireless environment into the cardholder data environment.
>
>
>
> Has anyone else gone through the compliancy process and can they clarify
> this step please?!  Do I need to install physical firewalls between my LAN
> wireless access points and the rest of the LAN?  I have a wireless ADSL
> network that is used to allow visitors to connect to the internet and this
> is completely independent from my LAN.  I’m not sure which of these entities
> this rule applies to.
>
>
>
> Any assistance will be gratefully received!
>
>
>
> Many thanks,
>
>
> Mark
>
>
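One way to check the "deny or control" wording of Requirement 1.2.3 quoted in the thread against a firewall rule list, as an added example that is not part of the original messages. The subnets, rules and the first-match evaluation order are all constructed assumptions.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str              # "allow" or "deny"
    src: str                 # source CIDR
    dst: str                 # destination CIDR
    port: Optional[int]      # None means any port
    reason: str = ""         # documented business justification

# Constructed sample data: every address and rule here is an assumption.
WIRELESS = ["10.20.0.0/24", "10.21.0.0/24"]      # one subnet per access point
CDE = "10.50.0.0/24"                             # cardholder data environment
RULES = [
    Rule("allow", "10.20.0.0/24", "10.50.0.10/32", 443, "handheld POS to payment app"),
    Rule("deny",  "10.20.0.0/24", "10.50.0.0/24", None),
    Rule("allow", "10.20.0.0/24", "10.50.0.0/24", 3389),   # shadowed by the deny above
    Rule("allow", "10.21.0.0/24", "10.0.0.0/8", None),     # broad rule that covers the CDE
    Rule("deny",  "0.0.0.0/0", "0.0.0.0/0", None),         # default deny
]

net = ipaddress.ip_network

def overlap(a, b):
    """CIDR blocks either nest or are disjoint, so the overlap is the smaller block."""
    return (a if a.prefixlen >= b.prefixlen else b) if a.overlaps(b) else None

def covers(rule, src, dst, port):
    """True if the rule matches every packet in src -> dst on that port."""
    return (src.subnet_of(net(rule.src)) and dst.subnet_of(net(rule.dst))
            and (rule.port is None or rule.port == port))

def audit(rules, wireless, cde):
    """List (rule index, wireless net, CDE target, port, status) for effective allows."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action != "allow":
            continue
        dst = overlap(net(rule.dst), net(cde))
        for w in wireless:
            src = overlap(net(rule.src), net(w))
            if src is None or dst is None:
                continue
            # First-match firewall: an earlier deny covering this flow wins.
            if any(r.action == "deny" and covers(r, src, dst, rule.port) for r in rules[:i]):
                continue
            status = "controlled" if rule.port is not None and rule.reason else "REVIEW"
            findings.append((i, w, str(dst), rule.port, status))
    return findings

if __name__ == "__main__": print(audit(RULES, WIRELESS, CDE))
```

An empty result means no rule lets either wireless subnet reach the CDE; a "REVIEW" entry is an allow with no port restriction or no recorded business reason.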
