Due to the fact that you are dealing with credit card processing, you may
need to meet PCI compliance standards - more details can be found at:
http://usa.visa.com/business/accepting_visa/ops_risk_management/cisp.html
This requirement includes "Install and maintain a firewall configuration to
protect data". Typically, this means that PCI compliance audits would not
accept a router as a firewall, although there are some devices that can act
as both.
You should check with your credit card vendor to ensure that you meet their
security requirements.
David Seidl, CISSP
IT Security and Privacy Analyst
ITaP - IT Security and Privacy
dseidl@purdue.edu
> -----Original Message-----
> From: firewall-wizards-bounces@listserv.cybertrust.com
> [mailto:firewall-wizards-bounces@listserv.cybertrust.com] On Behalf Of
> phil
> connelly
> Sent: Tuesday, November 14, 2006 10:45 PM
> To: firewall-wizards@listserv.icsalabs.com
> Subject: [fw-wiz] firewalls and routers
>
> I'm afraid I have some really basic questions (I'm trying to resolve a
> potential security issue where I work).
>
> 1. if we are using a router, does that mean a computer that processes
> credit
>
> cards does not need to have its firewall enabled?
> 2. can a router have a firewall and if so, how does one get to it to
> configure it?
>
> thx
>
> pc
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
|