Network segmentation for SMB with standalone CC terminals?


aidan
02-27-2008, 03:01 PM
Hey folks!

I am currently the IT guy for a small retail business that simply has three, standalone credit card terminals. They do not have POS integration and use our DSL as their primary source of connectivity with phone as backup. Currently all of our computers, private wireless and terminals are on one network segment.

1) I am planning on purchasing a Cisco ASA and placing the terminals on their own "credit" VLAN with ACLs preventing access to and from the "internal" network (which would also contain the wireless). In addition, the "credit" VLAN would only be able to access the necessary services and ports on the WAN required for processing transactions. Would this satisfy the topic of network segmentation?

2) The Preface states that "requirements apply to all system components that are included in or connected to the cardholder data environment." Are computers on the "internal" VLAN considered separate from the cardholder data environment since they cannot communicate with it? Or since they are still physically connected through the firewall are they still within the range of compliance?

The reason I am asking is that we have a small network where all the computers are on a workgroup. Many aspects of the PCI-DSS will be hard to implement without a domain, which is not very feasible right now.

Thanks for your time and expertise!

Aidan

lyalc
02-28-2008, 03:17 PM
Segmenting the network as suggested in (1) is a good start.

Make sure there are inbound and outbound rules, logging, IDS capability implemented (probably doable on the ASA), and public network traffic encryption, and the cardholder environment will basically look like just the VLAN for the 2 POS devices.

lyalc
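The segmentation aidan describes in (1), with the inbound and outbound rules and logging lyalc asks for, can be expressed as a short ASA configuration. The fragment below is an added illustration for this thread, not configuration posted by either participant: it assumes an ASA 5505-style box with VLAN interfaces, an "inside" VLAN 10 on 192.168.10.0/24 holding the workstations and wireless, a "credit" VLAN 20 on 192.168.20.0/24 holding only the terminals, a single processor host at 203.0.113.10 (a documentation-range placeholder; substitute the processor's published addresses) reached over TCP 443, an ISP resolver at 203.0.113.53, and a syslog collector on the inside VLAN at 192.168.10.50. All of these addresses are assumptions.

```cisco
! --- Added example config (assumed addressing; not from the thread) ---
! Interface layout: terminals isolated on their own VLAN, internal
! machines and wireless on another. Security levels are only the
! default fallback; the ACLs below make the policy explicit.
interface Vlan10
 nameif inside
 security-level 100
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 nameif credit
 security-level 50
 ip address 192.168.20.1 255.255.255.0
!
! Processor and resolver endpoints (assumed placeholder addresses).
object-group network PROCESSOR_HOSTS
 network-object host 203.0.113.10
object-group service PROCESSOR_PORTS tcp
 port-object eq https
object-group network DNS_RESOLVERS
 network-object host 203.0.113.53
!
! Traffic leaving the credit VLAN: deny anything aimed at the internal
! network, allow only the processor over HTTPS and DNS to the resolver,
! and log every other attempt so an unexpected destination shows up.
access-list credit_access_in extended deny ip 192.168.20.0 255.255.255.0 192.168.10.0 255.255.255.0 log
access-list credit_access_in extended permit tcp 192.168.20.0 255.255.255.0 object-group PROCESSOR_HOSTS object-group PROCESSOR_PORTS log
access-list credit_access_in extended permit udp 192.168.20.0 255.255.255.0 object-group DNS_RESOLVERS eq domain
access-list credit_access_in extended deny ip any any log
access-group credit_access_in in interface credit
!
! Traffic leaving the internal VLAN: explicitly deny the credit VLAN
! (higher-to-lower security would otherwise be allowed by default),
! then let internal hosts reach the Internet as before.
access-list inside_access_in extended deny ip 192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0 log
access-list inside_access_in extended permit ip 192.168.10.0 255.255.255.0 any
access-group inside_access_in in interface inside
!
! Nothing from the outside may initiate toward either VLAN.
access-list outside_access_in extended deny ip any any log
access-group outside_access_in in interface outside
!
! Send denied and permitted-with-log hits to a collector on the inside
! VLAN so there is a record of what touched the terminal segment.
logging enable
logging timestamp
logging trap informational
logging host inside 192.168.10.50
```

Once applied, `show access-list credit_access_in` on the ASA shows a hit counter per line; the two deny lines on the credit ACL should stay at zero in normal operation, and any growth on them is the first thing to investigate. The log entries from the `log` keyword are what lets the firewall's own records double as a simple intrusion-detection signal for the terminal segment.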