Build and Maintain a Secure Network
What exactly does PCI Compliance look at?
The PCI Council, composed of the major card brands, has set aside a set of Data Security Standards for securing and standardizing the electronic payment industry. But what exactly are the standards? Do they all apply to you? And if so, what exactly are they intended to look at and secure? Over the course of the next twelve months, we will look at each of the 12 PCI Data Security Standard Requirements that the Council has set in order to shed some light on what applies to you, and why.
Build and Maintain a Secure Network
The Council has 12 specific requirements that all serve to accomplish a variety of goals, which aim to help you be as secure as possible. The first goal is to Build and Maintain a Secure Network, and it comes with two specific requirements. It is important to note that even if you use a third party to handle your processing and do not store any data, this step still applies to you, especially if you use a virtual terminal to manually run transactions online. If your network and computer are not secure, even if you don’t process the card or store the information, a hacker can compromise your computer and watch what you type, filtering out anything that looks like a card number, all while you are unaware.
This month we will take a look at the first requirement of building and maintaining a secure network: installing and maintaining a firewall configuration to protect cardholder data.
Installing and maintaining a firewall is a key component of any secure network because it allows you to control what access it allows into, and out of, your organization’s network. Start by making sure that your firewall is turned on; from Windows 7 you can access the Firewall Settings by clicking the Start menu and then Control Panel which allows you to go into your System Security where the Firewall settings are located. The instructions included are for Windows 7 due to the fact that Microsoft will no longer support Windows XP next year. Once you have made sure that your firewall is turned on you will want to be sure that you keep it updated.
You can use your firewall to make sure that no unauthorized access reaches your network. In some instances, depending on how your network is setup, you may need to make some specific changes. The majority of the time however, you should be fine so long as you block access from any “Untrusted” networks.
If your network needs to be scanned as part of your PCI Compliance, due to entering transactions on your computers in a virtual terminal or keying them online, having these basic steps in place with your firewall will be a great start to making sure you pass your scan. Furthermore, if you need to make any changes as a result of the scan, you will know where you need to go if changes to the firewall configuration are required.
You can find more PCI information by navigating to the PCI Council website and look at the resources they have. We recommend you read through their PCI DSS Quick Reference Guide for more information.
If you have any questions about PCI, security that you would like to see covered, let us know! You can email us at compliance@cashlinq.com to share your thoughts or questions which we may then address here on our blog!