This document provides a detailed overview of the PCI compliance framework for RM, including the significant releases from 2006 to 2008. It outlines essential terms such as PCI DSS and PABP, and emphasizes the importance of validated payment applications in maintaining compliance. The key areas that need attention to achieve full PCI compliance are identified, including server access and configuration, and the use of a DMZ to isolate the RM network. Practical guidance for setting up the firewall and port forwarding is also presented.
RM PCI Calendar
• Sept 2006: Official 15.1 PCI Release
• Sept 2006: 15.1 certified PCI Compliant
• Jan 2007: VISA approves certification
• May 2007: Official 16.0 PCI Release
• Dec 2007: 16.0 certified PCI Compliant
• Awaiting VISA certification approval
Terms and Definitions
• PCI DSS: Payment Card Industry Data Security Standard
• PABP: Payment Application Best Practices
• RM is a validated payment application that meets the PCI PABP
• So what is “PCI Compliance”? Hint: It’s not simply installing RM 15.1.
The PCI Compliant Site
To be a fully PCI compliant site, there are 4 areas needing attention:
• Use PABP validated applications
• Install RM 15.1 or later
• Proper configuration
• RM and Reseller PCI Guidance Doc
• Proper procedures
• Server machine access
• Remote access
• Site guidelines
• Physical machine access
• Network / Wireless
[Diagram: Basic Network (Internet)]
[Diagram: Network w/ WiFi (Internet)]
[Diagram: Network w/ WiFi, Symbol WS2000 (Internet)]
[Diagram: Network w/ web svcs; DMZ for Online Ordering, RMbrowser, Write-On Phone, Central Manager; Symbol WS2000 (Internet)]
What’s a DMZ?
• DMZ: “De-Militarized Zone”
• Separate network isolated from RM network
• DMZ exposed to internet
• RM network isolated from internet
• All enforced through firewall configuration rules
[Diagram: Network with DMZ. Internet; DMZ 10.1.1.* (10.1.1.1, 10.1.1.254); 10.1.0.254; RM 10.1.0.* (10.1.0.1)]
Setting up DMZ Server
• RM and Reseller PCI Guidance:
• Install NetworkActiv AUTAPF port forwarder as a service
• Configure single port forwarding rule
• Configure OO/RMbrowser/WO Phone setup to go to DMZ machine and port
[Diagram: Firewall Rules. Internet; DMZ 10.1.1.*; limited to proxy; RM 10.1.0.*]
Setting up the Firewall
• Symbol WS2000 configuration
• Two subnets
• 1 for RM
• 1 for DMZ
• Firewall Rules
• Now we’ll show you how…
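As an added example (not from the deck or its vendor): a small Python model of the firewall policy the DMZ slides describe, using the deck's two subnets and a first-match rule table. The public web port (443), the single forwarded proxy port (8080), the outside addresses and the first-match semantics are assumptions, since the deck gives no port numbers or WS2000 rule syntax. Running the sample flows shows which paths the DMZ design permits and checks that the RM network is never directly reachable from outside.

```python
from ipaddress import ip_address, ip_network
DMZ_NET = ip_network("10.1.1.0/24")  # DMZ subnet from the deck (10.1.1.*)
RM_NET = ip_network("10.1.0.0/24")   # RM subnet from the deck (10.1.0.*)
# Assumed ports (the deck names none): public web service on the DMZ host,
# and the single port the DMZ forwarder opens into RM.
WEB_PORT = 443
PROXY_PORT = 8080

def zone(ip: str) -> str:
    """Map an address to one of the deck's three zones."""
    addr = ip_address(ip)
    if addr in DMZ_NET:
        return "dmz"
    if addr in RM_NET:
        return "rm"
    return "internet"

# First-match rule table: (src_zone, dst_zone, dport or None for any, action).
RULES = [
    ("internet", "dmz", WEB_PORT, "allow"),    # DMZ exposed to internet: one service only
    ("dmz", "rm", PROXY_PORT, "allow"),        # the single port-forwarding rule into RM
    ("dmz", "rm", None, "deny"),               # DMZ limited to proxy: nothing else into RM
    ("internet", "rm", None, "deny"),          # RM never directly reachable from outside
    ("rm", "internet", None, "deny"),          # RM network isolated from the internet
]

def evaluate(src: str, dst: str, dport: int) -> str:
    """Decide 'allow' or 'deny' for a new connection from src to dst:dport."""
    s, d = zone(src), zone(dst)
    for rule_src, rule_dst, rule_port, action in RULES:
        if rule_src == s and rule_dst == d and rule_port in (None, dport):
            return action
    return "deny"  # default deny for anything the table does not mention

def rm_unreachable_from_internet(ports=range(1, 1025)) -> bool:
    """True if no well-known port on the RM server answers an outside address."""
    return all(evaluate("203.0.113.7", "10.1.0.1", p) == "deny" for p in ports)

# Constructed sample flows; the 10.1.x.1 hosts are the ones drawn in the deck.
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.1.1.1", WEB_PORT),    # customer -> online ordering on DMZ host
    ("10.1.1.1", "10.1.0.1", PROXY_PORT),     # DMZ proxy -> RM server, forwarded port
    ("10.1.1.1", "10.1.0.1", 445),            # DMZ -> RM file sharing: must be denied
    ("203.0.113.7", "10.1.0.1", PROXY_PORT),  # internet -> RM directly: must be denied
    ("10.1.0.1", "198.51.100.9", 80),         # RM -> internet: must be denied
]

if __name__ == "__main__":
    for src, dst, dport in SAMPLE_FLOWS:
        print(f"{src:>14} -> {dst}:{dport:<5} {evaluate(src, dst, dport)}")
    print("RM isolated from internet:", rm_unreachable_from_internet())
```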