
VLANS & PCI compliance

Hi All,

I am tasked with ensuring PCI compliance on computers that process credit card data. I know I can use VLANs for segmenting them from the main network, but should I allow all other VLANs to access the new subnet? If I don't, then file servers or other resources that exist on the main network will be unavailable? What is the best practice?

Thank you,

Accepted Solutions
VIP Advisor

Hi

You could use a VLAN ACL for this kind of task, so you will allow the required access and give double protection (VLAN segmentation and restrictions) to your subnet.

VIP Expert

Hi,

For PCI compliance, you really need guidelines from your security department, as any organization that deals with credit card information is subject to audit once or multiple times a year (depending on the amount of transactions). As for best practice, you can use a router ACL to allow or disallow communication, but the ACLs need to be logged and sent to a syslog server. In addition, you also have to log all flows and be able to keep the data for a certain amount of time in case you get audited. Overall, firewalls do a better job when it comes to controlling traffic between hosts/segments as well as logging flows based on ports and protocols.

See page 12 in this doc:

https://www.pcisecuritystandards.org/documents/PCI%20SSC%20Quick%20Reference%20Guide.pdf

HTH
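
The router-ACL approach from the reply above, as an added Cisco IOS configuration sketch that is not part of the original thread: the card-processing VLAN may reach one file server and nothing else, and every ACL hit is sent to syslog. All VLAN numbers, addresses, ACL names and the SMB port choice are constructed assumptions.

```cisco
! Constructed addressing (assumptions, not from the thread):
!   VLAN 100, 10.10.100.0/24 = PCs that process card data
!   10.10.20.10              = file server on the main network
!   10.10.30.5               = syslog server
!
! Traffic leaving the card-processing VLAN: SMB to the file server only.
ip access-list extended FROM-CDE
 remark card PCs may open SMB sessions to the file server
 permit tcp 10.10.100.0 0.0.0.255 host 10.10.20.10 eq 445 log
 remark add further permits (DNS, patching, etc.) only as justified
 deny   ip any any log
!
! Traffic routed into the card-processing VLAN: replies only.
! "established" matches TCP segments with ACK or RST set, so other
! VLANs cannot open new connections toward the card PCs.
ip access-list extended TO-CDE
 remark return traffic for sessions the card PCs opened
 permit tcp host 10.10.20.10 eq 445 10.10.100.0 0.0.0.255 established log
 deny   ip any any log
!
! On an SVI, "in" is traffic from hosts in the VLAN, "out" is traffic
! being routed to them.
interface Vlan100
 ip address 10.10.100.1 255.255.255.0
 ip access-group FROM-CDE in
 ip access-group TO-CDE out
!
! ACL log messages are severity 6, so the trap level must be
! informational or they never reach the syslog server.
logging host 10.10.30.5
logging trap informational
```

These ACLs only filter routed traffic between VLANs; hosts inside VLAN 100 can still talk to each other, which is where the VLAN ACL suggested in the accepted solution applies.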
