Site Moved a PC=A MESS
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: idiot or just lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well, the next time I go on site I will have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: idiot or just lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well, the next time I go on site I will have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in to.
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: idiot or just lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well, the next time I go on site I will have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in to.
It would be super easy to ask for someone to give you access for this, no?
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@wrcombs it sounds like your network tech is an idiot if they couldn't locate this wiring.
Either way: idiot or just lazy. That's why I came to ML to find out what was needed.
Yeah. . . so besides being sidetracked as if we were on to troubleshoot the issue you need to be able to find the cable. Since your tester won't work through the switch, your only option is to test the cable by unplugging it from the switch.
Well, the next time I go on site I will have to take an extra set of eyes with me and start unplugging them at the PoS and find them that way.
I would honestly just look at the logging on the switches.
It's a managed switch that I do not have the credentials to log in to.
It would be super easy to ask for someone to give you access for this, no?
Honestly, with the way the rest of the site is, I'd be surprised if anyone had the credentials. I have not tried talking to anyone about getting those.
-
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
-
@wrcombs said in Site Moved a PC=A MESS:
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our vendors who deals with PCI daily).
-
@wrcombs that doesn't surprise me about the compliance requirement, there are a bunch of stupid compliance requirements for all sorts of industries.
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our vendors who deals with PCI daily).
I'd have to question how much said people actually know about PCI compliance. That's not the way the basic technology works, it's all going over the same internet connection, unless they also make you have a direct physical line to the processor.
-
@travisdh1 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our vendors who deals with PCI daily).
I'd have to question how much said people actually know about PCI compliance. That's not the way the basic technology works, it's all going over the same internet connection, unless they also make you have a direct physical line to the processor.
Well: you are correct. However, this meets PCI compliance standards (from what I understand, or else we wouldn't be doing it this way . . . I don't know enough, nor have I looked into it enough . . .)
-
@wrcombs said in Site Moved a PC=A MESS:
(I don't know enough, nor have I looked into it enough . . .)
Said every PCI compliance author ever. . .
-
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
(I don't know enough, nor have I looked into it enough . . .)
Said every PCI compliance author ever. . .
HAHAHAHAHAHAHAHA
-
@wrcombs said in Site Moved a PC=A MESS:
@dustinb3403 said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
So, update on this: they brought out the original networking and communications team; they re-hooked the PC back into the correct switch and are in the process of installing 4 x 8-port Netgear switches on a dedicated network for the PoS. The PoS are all working and can communicate with the back office.
Apparently, the switch I was plugged into was a "Jumper" switch that did nothing but feed to the "new office", so I was not on the network.
So they have two physical LANs on site, rather than using a VLAN for this?
Correct. My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say. This is the way we were told to do this (I believe by someone from one of our vendors who deals with PCI daily).
Anyone can make a checklist. That doesn't sound like PCI, since no PCI network is done that way.
-
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks, whether phone (no security), fax (no security), or Internet (good security). The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
-
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks, whether phone (no security), fax (no security), or Internet (good security). The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
The network cannot be isolated. I agree there would be no way to isolate the credit card processing, because you have to use the internet to run cards through the system. However, this is how our vendor tells us this has to be done. This is, from my understanding, PCI compliant: the PoS aren't accessing the internet directly. The card is swiped, it goes back to the office software and is sent out to the processor via SSL connection (or most recently TLS), then the response is sent back, held and pushed to the terminal that swiped the card, and payment is added.
The checklist came directly from a PCI testing company, and we pass all PCI compliance scans conducted on our sites, with the few exceptions of the ones using cameras off of the firewall, which open ports and answer during the test. As far as VLANs are concerned, I haven't looked into it enough on the PCI side of things, but from the book I had to read before I could start working on sites credit cards, it has to be isolated and behind a firewall. The back office is behind a firewall, with 2 NICs to "isolate" the PoS network. PoS cannot have access to the Internet directly, but through the back office, which sends information.
Could VLANs work here? I'm almost positive they could, especially because they have the same security as routers and firewalls. Would it be worth looking into? For me? Probably not, because this is standard practice for the company, and other PoS companies use the same checklists and diagrams, and typologies (I think that's the word I want).
-
@wrcombs said in Site Moved a PC=A MESS:
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
My boss is pushing PCI compliance, I don't know enough about it to have an argument against him on this, but according to a PCI compliance checklist we received last year (before I was here) it has to be a completely isolated network, it cannot be a VLAN. Like I said, I don't know enough to have a say,
You can't really believe he's that dumb. He's just saying that. Most people are liars and willing to lie at the drop of a hat to keep from explaining their bad logic or nefarious reasons. It's not really plausible that he's as dumb as you are making him out to be, but easily he's that dishonest.
A fully isolated network means you can't be connected to the Internet, a router or firewall of any sort, etc. There's no way to use credit cards on a physically isolated network, because the credit card processors (Visa, Mastercard, etc.) don't offer a direct connection to them, only ones over shared networks, whether phone (no security), fax (no security), or Internet (good security). The VLAN security is identical to the security of a router or firewall. So the reason for ruling out the one rules out the other. They are one and the same at the security level - virtual "software" level isolation, not hardware isolation. That's how the entire Internet works.
So pretty black and white, your boss said you can't use credit card processing on your PCI network.
The network cannot be isolated. I agree there would be no way to isolate the credit card processing, because you have to use the internet to run cards through the system. However, this is how our vendor tells us this has to be done.
Right, and I'm just repeating back what the vendor told you. The vendor told you that you can't use them, because there is no way to comply.
-
@wrcombs said in Site Moved a PC=A MESS:
The checklist came directly from a PCI testing company...
That's like doing SEO from an SEO company. 99% of them are total scams. Most actually do the checklist of "what not to do", because they don't even have five minutes of SEO training.
Anyone can be a PCI company. You can start one in minutes yourself. Means nothing.
-
@wrcombs said in Site Moved a PC=A MESS:
Could VLANs work here? I'm almost positive they could, especially because they have the same security as routers and firewalls. Would it be worth looking into? For me? Probably not, because this is standard practice for the company, and other PoS companies use the same checklists and diagrams, and typologies (I think that's the word I want).
But you said it was your boss who wanted to be compliant, and then came up with rules that said that you weren't. So the point was, your boss either is SO dumb, or knows he's just being an ass to screw the company.
-
@scottalanmiller said in Site Moved a PC=A MESS:
@wrcombs said in Site Moved a PC=A MESS:
Could VLANs work here? I'm almost positive they could, especially because they have the same security as routers and firewalls. Would it be worth looking into? For me? Probably not, because this is standard practice for the company, and other PoS companies use the same checklists and diagrams, and typologies (I think that's the word I want).
But you said it was your boss who wanted to be compliant, and then came up with rules that said that you weren't. So the point was, your boss either is SO dumb, or knows he's just being an ass to screw the company.
Maybe it's just easier (for everyone, my boss included) to have two 'separate' networks(?)
Why go through the process of VLANs if you can have a dedicated NIC? It may just be the lazy way of reaching the same goal to me . . .
My boss was pushing the compliance issues, yes, because it is his job to make sure compliance is met within every site. You're telling me, if I'm not mistaken, that following directions coming from the vendor is my boss being dumb? Or being an ass?
- Straight from PCI Data Security Standard: Build and Maintain a Secure Network:
1. Install and maintain a firewall configuration to protect cardholder data.
2. Do not use vendor-supplied defaults for system passwords and other security parameters.
I guess reading this more thoroughly so I could continue this conversation: nowhere does it say it has to be a separate or isolated network, only that it needs to be behind a firewall as far as networking is concerned.
-