PCI Compliance Technical Overview

2008

(Transcript of a slide deck, posted 19-Dec-2015)

RM PCI Calendar

Sept 2006: Official 15.1 PCI Release

Sept 2006: 15.1 certified PCI Compliant

Jan 2007: VISA approves certification

May 2007: Official 16.0 PCI Release

Dec 2007: 16.0 certified PCI Compliant

Awaiting VISA certification approval

Terms and Definitions

PCI DSS: Payment Card Industry Data Security Standard

PABP: Payment Application Best Practices

RM is a validated payment application that meets the PCI PABP

So what is “PCI Compliance”? Hint: It’s not simply installing RM 15.1.

The PCI Compliant Site

To be a fully PCI compliant site, there are 4 areas needing attention:

Use PABP validated applications: install RM 15.1 or later

Proper configuration: RM and Reseller PCI Guidance Doc

Proper procedures: server machine access, remote access

Site guidelines: physical machine access, network / wireless

What’s a DMZ?

DMZ: “De-Militarized Zone”

Separate network isolated from the RM network

DMZ exposed to the internet

RM network isolated from the internet

All enforced through firewall configuration rules

Setting up the DMZ Server

RM and Reseller PCI Guidance:

Install NetworkActiv AUTAPF port forwarder as a service

Configure a single port forwarding rule

Configure OO/RMbrowser/WO Phone setup to go to the DMZ machine and port

Firewall Rules

(diagram) Internet -> DMZ 10.1.1.* -> RM 10.1.0.*

Limited to proxy

Setting up the Firewall

Symbol WS2000 configuration

Two subnets: 1 for RM, 1 for DMZ

Firewall Rules

Now we’ll show you how…
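The segmentation the DMZ and Firewall Rules slides describe (internet reaches only the forwarded port on the DMZ host; the DMZ reaches the RM network only through the proxy; nothing else crosses) can be written down as a small first-match rule set and checked against sample flows before it is typed into the Symbol WS2000. The script below is an added example, not material from the deck or from the RM vendor: the subnets 10.1.1.0/24 and 10.1.0.0/24 come from the slides, while the DMZ host address 10.1.1.10, the forwarded port 8080 and the proxy port 3128 are assumptions, since the slides name neither port. The sample flows are constructed.

```python
"""Model of the DMZ/RM segmentation policy described on the slides.

Constructed example: the zones and subnets follow the slides (DMZ 10.1.1.*,
RM 10.1.0.*); the DMZ host address and both port numbers are assumptions,
because the slides name neither the forwarded port nor the proxy port.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

DMZ_NET = ipaddress.ip_network("10.1.1.0/24")   # "DMZ 10.1.1.*" on the slides
RM_NET = ipaddress.ip_network("10.1.0.0/24")    # "RM 10.1.0.*" on the slides

DMZ_HOST = ipaddress.ip_address("10.1.1.10")    # assumption: the port-forwarder machine
FORWARDED_PORT = 8080                           # assumption: the "single port forwarding rule"
PROXY_PORT = 3128                               # assumption: the proxy the RM link is "limited to"


def zone(ip: str) -> str:
    """Map an address to one of the three zones on the diagram."""
    addr = ipaddress.ip_address(ip)
    if addr in DMZ_NET:
        return "DMZ"
    if addr in RM_NET:
        return "RM"
    return "INTERNET"


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str
    dst_zone: str
    dst_host: Optional[ipaddress.IPv4Address] = None  # None = any host in dst_zone
    dport: Optional[int] = None                        # None = any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        if zone(src) != self.src_zone or zone(dst) != self.dst_zone:
            return False
        if self.dst_host is not None and ipaddress.ip_address(dst) != self.dst_host:
            return False
        return self.dport is None or self.dport == dport


# Allow list, evaluated first-match; any flow that matches nothing is denied.
RULES = [
    # The internet may reach only the forwarded port on the DMZ host.
    Rule("inet-to-dmz-service", "INTERNET", "DMZ", DMZ_HOST, FORWARDED_PORT),
    # The DMZ may reach the RM network only through the proxy ("Limited to proxy").
    Rule("dmz-to-rm-proxy", "DMZ", "RM", None, PROXY_PORT),
]


def evaluate(src: str, dst: str, dport: int) -> tuple:
    """Return (action, rule_name) for a new flow src -> dst:dport."""
    for rule in RULES:
        if rule.matches(src, dst, dport):
            return ("ALLOW", rule.name)
    return ("DENY", "default-deny")


def rm_isolated_from_internet(ports=range(1, 1025)) -> bool:
    """Property from the slides: no direct internet -> RM flow on any checked port."""
    outside = "203.0.113.5"  # constructed TEST-NET-3 address standing in for the internet
    return all(evaluate(outside, str(host), p)[0] == "DENY"
               for host in (RM_NET[1], RM_NET[20]) for p in ports)


SAMPLE_FLOWS = [  # constructed: (src, dst, dport)
    ("203.0.113.5", "10.1.1.10", FORWARDED_PORT),  # outside client to the forwarded DMZ service
    ("203.0.113.5", "10.1.1.10", 3389),            # outside client to another port on the DMZ host
    ("203.0.113.5", "10.1.0.20", FORWARDED_PORT),  # outside client straight at the RM server
    ("10.1.1.10", "10.1.0.20", PROXY_PORT),        # DMZ forwarder to the RM proxy
    ("10.1.1.10", "10.1.0.20", 445),               # DMZ host to a file-sharing port on RM
    ("10.1.0.20", "198.51.100.7", 443),            # RM server out to the internet
]


def check_sample_flows() -> list:
    """Evaluate every sample flow; returns (src, dst, dport, action, rule) rows."""
    return [(src, dst, dport, *evaluate(src, dst, dport)) for src, dst, dport in SAMPLE_FLOWS]


if __name__ == "__main__":
    for src, dst, dport, action, rule in check_sample_flows():
        print(f"{src:>15} -> {dst:>15}:{dport:<5} {action:5} ({rule})")
    print("RM isolated from internet:", rm_isolated_from_internet())
```

The point of the model is the default-deny line at the end of evaluate(): the two allow rules are the only paths that exist, so a flow from the DMZ host to any RM port other than the proxy, or from the RM subnet out to the internet, is denied without a rule having to name it. Adding a third allow rule is the only way to open a path, which keeps the policy reviewable against the slides' three statements.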

Questions?