
What is a PCI-compliant firewall and why does your business need one?

23/03/2023
by Cathy Houghton

Firewalls are your first line of defence against all potential cyber-attacks.

Acting as a barrier between your network and the internet, a firewall blocks malicious traffic and suspicious content before it can enter your systems.

In point-of-sale environments, however, a standard firewall is not enough; this is where PCI-compliant firewalls come in.

PCI DSS (Payment Card Industry Data Security Standard) firewalls are configured specifically to protect cardholder data from cyber-attacks.

With the protection of business data and customer information now a formal requirement, there is more scrutiny than ever on businesses that handle card payments and on how they manage their firewall compliance.

The good news is our team is always on hand with up-to-date SonicWall firewall support, and we work with businesses of all sizes and with firewalls requiring numerous configurations.

Make sure to contact us if you have any specific or further questions.

What is a PCI Firewall?

PCI DSS firewalls go further than your average firewall and, as such, have additional requirements (which we’ll cover below).

A PCI-compliant firewall is configured for business payment card settings, protecting the cardholder data environment.

PCI-compliant firewalls sit between your payment system and the internet; they segment the secure payment elements of your network from those identified as less secure, allowing customers to reach web servers and other publicly available services while your internal networks remain protected.

Ultimately, these firewalls are designed to secure sensitive card data, and they do this by restricting the flow of traffic into and out of the card environment.

To protect card payment environments, PCI firewalls come in the form of hardware, software, and web application firewalls, all working together to provide a layered approach to card environment security: the more zones you create, the more secure your network will be. (Note: you may require multiple firewalls depending on your requirements, network, and payment environment.)

However, it is the rules that you set for your firewall that give you tight control and management. It is these rules that give firewalls their security power.

Alongside the rules, security depends on setting high standards, using virtual private networks (where applicable), and opening or closing switch ports as required.

Firewall configuration standards

These firewalls have set requirements and guidelines and, first and foremost, they must undergo periodic security reviews and software patching.

You must also consider the following:

  • Working with a professional vendor – a team that understands PCI compliance and its application to firewalls, who can support you with installation, configuration, and more.
  • Location – devices should be in a secure location, often an access-controlled server room restricted to specific personnel only.
  • Restricting access – restrict access to network equipment to security teams and senior management.
  • Manage all firewall configurations appropriately. Configured to block unauthorised access to your network, firewalls help to keep your network and customer payment data safe.
  • Integrate intrusion detection features, if appropriate and applicable.
  • Test your systems regularly. Testing is a vital part of the process, and each test should include documentation of findings and any changes implemented.

Configuration of SonicWall firewalls

  • Create a strong password.
  • Turn on intrusion detection, implementing measures to detect and block traffic from malicious IP addresses before it enters your networks.
  • Only allow necessary inbound and outbound traffic to your payment systems. Do not allow unauthorised traffic from the cardholder data environment to the internet.
  • Turn on alerts and notifications.
  • Deny/restrict all traffic that you haven’t explicitly authorised, restricting connections between untrusted networks and the cardholder data environment.
  • Hide your internal addresses from the internet through NAT (network address translation).
  • Allow only established connections into your network.
  • Keep firewalls updated and vulnerabilities to a minimum.
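The rule-set checks in the list above (default deny, no open outbound path from the cardholder data environment to the internet, and no unsolicited inbound connections into it) can be expressed as a simple policy audit. The following is an added example written for this article, not SonicWall code; the zone names CDE, LAN and WAN and the rule model are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed zone names: "CDE" = cardholder data environment,
# "LAN" = the rest of the internal network, "WAN" = the internet.
@dataclass(frozen=True)
class Rule:
    src: str                 # source zone, or "ANY"
    dst: str                 # destination zone, or "ANY"
    service: str             # named service such as "HTTPS", or "ANY"
    action: str              # "allow" or "deny"
    established_only: bool = False  # permit only replies to existing sessions

def audit_rules(rules):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Check 1: the policy must end with an explicit deny of everything.
    last = rules[-1] if rules else None
    if not (last and last.action == "deny" and (last.src, last.dst, last.service)
            == ("ANY", "ANY", "ANY")):
        findings.append("no explicit default-deny rule at the end of the policy")
    for i, r in enumerate(rules):
        if r.action != "allow":
            continue
        # Check 2: CDE to internet must name the service it permits, never ANY.
        if r.src == "CDE" and r.dst == "WAN" and r.service == "ANY":
            findings.append(f"rule {i}: CDE to WAN allows any service")
        # Check 3: the internet may not open new connections into the CDE.
        if r.src == "WAN" and r.dst == "CDE" and not r.established_only:
            findings.append(f"rule {i}: WAN to CDE allows new inbound connections")
    return findings

def weak_policy():
    """Constructed example of a policy that fails all three checks."""
    return [
        Rule("CDE", "WAN", "ANY", "allow"),
        Rule("WAN", "CDE", "HTTPS", "allow"),
        Rule("LAN", "WAN", "HTTPS", "allow"),
    ]

def hardened_policy():
    """Constructed example of the same policy corrected to pass the audit."""
    return [
        Rule("CDE", "WAN", "HTTPS", "allow"),                      # payment gateway only
        Rule("WAN", "CDE", "ANY", "allow", established_only=True), # replies only
        Rule("LAN", "WAN", "HTTPS", "allow"),
        Rule("ANY", "ANY", "ANY", "deny"),                         # default deny
    ]

if __name__ == "__main__":
    for name, policy in (("weak", weak_policy()), ("hardened", hardened_policy())):
        print(name, audit_rules(policy) or "passed")
```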

We advise that all SonicWall firewalls and PCI firewalls are properly installed, updated, and maintained by professionals, with checks and reviews carried out at least every six months.

As a business, you will also need to establish formal processes to validate and test connections, with clear documentation outlining all security measures; robust log management is a big part of the PCI DSS requirements. This documentation sets out clearly defined rules and requirements, and those rules are the focal point of your SonicWall firewall configuration.

SonicWall firewall support

Numerous requirements relate to PCI DSS firewalls, which makes compliance challenging and time-consuming for many small to medium-sized businesses.

You need to understand how your systems interact with cardholder data, which you establish through accurate cardholder data flow diagrams. These outline network flows and more, and it’s essential that you have full visibility of your system and the flows throughout it.

We know that it’s vital that you respond to threats in a timely manner, and we understand that you need and want a system that supports your configuration requirements, with rules specifically set around your data flow diagrams.

That’s why our team is always on hand to help.

As an experienced team of security professionals, we can help you with various types of firewalls, setup, configuration, maintenance, and much more.

Call us today on 0330 1340 230 or email us at enquiries@sonicwall-sales.com.
