    vLANs random question.

    IT Discussion
      1337

      FYI, PCI DSS V4.0 has just been released. So whatever one chooses to do, it would be a good idea to check that it is compliant against the new standard.

        WrCombs @scottalanmiller

        @scottalanmiller said in vLANs random question.:

        @WrCombs said in vLANs random question.:

        Claiming it's more secure, reduced PCI Questionnaire (which I don't see how it reduced the questionnaire), but they've been told it's possible - which I agree it is, but I still don't get why.

        If the two can talk to each other, the PCI exposure spreads between them.

        That's what I thought - so I thought it was a weird request.

          WrCombs @scottalanmiller

          @scottalanmiller said in vLANs random question.:

          @WrCombs said in vLANs random question.:

          @dafyre said in vLANs random question.:

          The short answer is you would get the Router to route between the two VLANS, and fix it so that only the Payment devices have access to the internet.

          If this was an on prem system, that would work. But this is a cloud system so both need access to the internet.

          Actually that makes it make more sense. It's minimal value, but that doesn't mean zero. It will improve security and simplify audits if they are both SaaS connected devices like that. Not a big deal, but not bad, either.

          So how would you make that work? Just using firewall rules, to let the 2 talk to pull transaction information?

            scottalanmiller @WrCombs

            If they talk only to the hosted apps, the intercommunications should be on the server, not the client. Is that not correct?

            If you need devices on two different LANs (vLANs are just LANs without physical separation) then communications between them is always through a router, and routers are firewalls. So first you have to build a route, then block traffic, then allow the traffic that you want.

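The route, then block, then allow order described in the post above, as an added example that is not part of the original thread: a first-match rule evaluator that audits which flows a router ruleset permits between a pin pad VLAN and a register VLAN. The subnets, the sample hosts, the register port 8443, the direction of the pin pad connection and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed addressing plan (assumption, not taken from the thread).
PINPAD_NET = ipaddress.ip_network("10.0.20.0/24")    # payment VLAN
REGISTER_NET = ipaddress.ip_network("10.0.10.0/24")  # register VLAN
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    port: Optional[int] = None       # None matches any destination port

def decide(rules, src, dst, port):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r.src and d in r.dst and r.port in (None, port):
            return r.action
    return "deny"

# Step 1 only: the router routes between the VLANs and nothing is blocked.
ROUTE_ONLY = [Rule("allow", ANY, ANY)]

# Steps 2 and 3: block inter-VLAN traffic, then allow the one flow POS needs.
# With first-match evaluation the narrow allow has to sit above the block.
# Return traffic is assumed to be handled by the router's connection tracking.
SEGMENTED = [
    Rule("allow", PINPAD_NET, REGISTER_NET, 8443),  # pin pad pulls transaction
    Rule("deny", PINPAD_NET, REGISTER_NET),
    Rule("deny", REGISTER_NET, PINPAD_NET),
    Rule("allow", PINPAD_NET, ANY, 443),            # both VLANs are cloud
    Rule("allow", REGISTER_NET, ANY, 443),          # connected: HTTPS out
]

def cross_vlan_exposure(rules, ports=(22, 445, 3389, 8443)):
    """Return every (direction, port) pair permitted between the two VLANs."""
    pinpad, register = "10.0.20.11", "10.0.10.5"    # constructed sample hosts
    found = []
    for port in ports:
        if decide(rules, pinpad, register, port) == "allow":
            found.append(("pinpad->register", port))
        if decide(rules, register, pinpad, port) == "allow":
            found.append(("register->pinpad", port))
    return found

if __name__ == "__main__":
    print("route only:", cross_vlan_exposure(ROUTE_ONLY))
    print("segmented: ", cross_vlan_exposure(SEGMENTED))
```

Anything the audit reports beyond the single intended flow is a path by which PCI scope spreads from one VLAN to the other.
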
              WrCombs @scottalanmiller

              In a "normal" IT system, that would be the case, as I'm sure you know.
              POS however, the Pin pads talk directly to the Register to pull that transaction data to the Pin Pad - otherwise the pin pad won't know how much to charge the credit card.

                scottalanmiller @WrCombs

                Then you need to connect the two VLANs, effectively defeating the purpose. It's not entirely defeated, it is still a secondary firewall but only replicating the vastly more important local firewall.

                  Dashrender @scottalanmiller

                  ROFMAO - like the terminals have firewalls - HAHAHAHAHAHA

                    scottalanmiller @Dashrender

                    They do, people just disable them intentionally to introduce security risks.

                      WrCombs @Dashrender

                      On this particular system (which I am the Admin for) Windows firewalls are required to stay on - for all 3 options no matter what.

                        scottalanmiller @WrCombs

                        See!! Firewalls!
