ClioSport.net

Segmenting a Network for PCI Compliance - Nightmare!



  2014 Focus Titanium
Hi,

I'm currently having a nightmare at work trying to become PCI Compliant with our Card Merchant. For those who have never heard of PCI, it is basically a requirement for any business that has a card machine for taking VISA, Mastercard etc. payments, which means that you must protect the cardholder's data.

From what I gather this basically means that if your card machine is attached to your network (which ours is), then you must take action to make sure that "Rogue" systems cannot get access to that network and possibly hack the card machine. I have read up on this and the only advice I can get is to physically separate the card machine onto its own individual network, and for that I would have to purchase and install a stand-alone firewall at the router and then create some network infrastructure to get back to the card machine, which is 3 rooms away from the router, or of course take away all wireless APs, and then we can't offer Free WiFi to our customers, which we like doing.

My question is does anyone have another way around this? It's going to be a massive upheaval to install another network and I really can't be arsed with it!

My network is as follows:

Network.png


Any help would be greatly appreciated.
 
  2014 Focus Titanium
Badger: I'm a bit of a novice when it comes to proper networking. I've set up multiple home networks but never gone too advanced; however, I am a pretty quick learner when it comes to this stuff because it interests me.

To create separate VLANs, does that mean using different subnets? All the LANs I have ever made have used the same IP tree and subnet (192.168.1.x and 255.255.255.0).
 
  BMW F21 125d
Yeah, split your /24 into separate subnets, and assign each subnet to a VLAN.
Subnetting is easy, just decide either how many hosts you need, or how many networks you need first and calculate.
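
The calculation described in the reply above, as an added example that was not posted by anyone in the thread: it carves 192.168.1.0/24 into one right-sized subnet per VLAN and reports which segment a given address falls in. The segment names and host counts are assumptions made up for illustration.

```python
import ipaddress

# Constructed sample requirements: segment name -> host addresses needed.
NEEDS = {"guest_wifi": 100, "office": 30, "card_terminal": 2}

def plan_subnets(parent, needs):
    """Carve `parent` into one subnet per segment, largest first (VLSM).

    Returns a dict of segment name -> ipaddress.IPv4Network.
    Raises ValueError if a segment does not fit in what is left.
    """
    parent = ipaddress.ip_network(parent)
    free = [parent]  # unallocated blocks, kept sorted by address
    plan = {}
    for name, hosts in sorted(needs.items(), key=lambda kv: -kv[1]):
        # Block size must cover hosts + network + broadcast addresses,
        # rounded up to a power of two.
        prefix = 32 - (hosts + 1).bit_length()
        block = next((b for b in free if b.prefixlen <= prefix), None)
        if block is None:
            raise ValueError(f"no room for {name} ({hosts} hosts) in {parent}")
        subnet = next(block.subnets(new_prefix=prefix))
        free.remove(block)
        if subnet != block:
            # Return the unused remainder of the block to the free list.
            free.extend(block.address_exclude(subnet))
        free.sort()
        plan[name] = subnet
    return plan

def segment_of(plan, address):
    """Return the segment whose subnet contains `address`, or None."""
    ip = ipaddress.ip_address(address)
    for name, subnet in plan.items():
        if ip in subnet:
            return name
    return None

if __name__ == "__main__":
    plan = plan_subnets("192.168.1.0/24", NEEDS)
    for name, subnet in plan.items():
        usable = subnet.num_addresses - 2
        print(f"{name:14} {subnet!s:18} mask {subnet.netmask}  {usable} hosts")
    print("192.168.1.161 is in:", segment_of(plan, "192.168.1.161"))
```

The addressing plan on its own isolates nothing: each subnet still has to be bound to its VLAN on the switch, with traffic between VLANs filtered at the router or firewall.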
 

