PCI compliance vs. Remote monitoring

DPD36

To maintain my PCI compliance I am not allowed to have any holes in the firewall of my router. One option is that I only allow outside access to my network by specific IP addresses, but this doesn't help since iPhones apparently have dynamic IP addresses. The only options I have come up with are getting another DSL line at the wash or getting a smartphone that will allow static IP addresses and a new router that will allow me to allow access by specific computers. Has anyone found a better way around this?
 

MEP001

You could set your home IP to static and use an app to access your home PC from your iPhone.
 

Happycarz

DPD36,

How is your system set up? Is the PCI compliant computer a stand-alone unit, with a second security computer (or DVR system)?

My system is set up with a DSL modem/router, then a switch with static IP address going to the DVR and the dynamic address going to the firewall and on to the PCI compliant computer.

Right now I am in the process of switching to cable for faster upload speed, and it has a modem only - no router incorporated into the modem. So now I have to replace the switch with a router. Dave, at WashGear, was kind enough to help me set up the new router so the credit card system would function. But since I don't understand all that router stuff, I'm having my network guy come by tomorrow to finish setting the router for the DVR.
 

DPD36

At the wash we have a Hamilton DAN for the credit card processing and the DVR is from Rugged CCTV. At the house I have a laptop with an air card. We live off of the beaten path so I didn't install a phone line at the house when we built. I like MEP's idea, but don't like the idea of leaving the laptop plugged in when I'm away from home.

Would it work if I ran the DSL line from the modem to a switch and then to the router and the DVR straight to the switch?
 

Happycarz

Send me your email and I will send you my schematic for the routers and switches.
happycarz at msn dot com
Your system will be in compliance and you can view your DVR.
 

beatlesfan18

We ran into the same questions and had no idea how to get compliant, or if it was just a one-time thing we had to deal with. We found a company called AO Compliance (I think) that does everything for us cheap. We have a problem we call them. I still don't know how it works but they do... Just Google AO Compliance.
 

cwguy.com

How about just switching the provider? I only have web experience... but the provider I used would email every year and say "time to check for pci compliance". :)

Or you could set up two networks at your car wash. Using a router and setting up a DMZ... a DMZ for your video computer. Usually expensive routers have those features built in (but my info is old). I had a SonicWall that did all that for you. You would access everything the same.... except you could block ports differently in different zones. This is how stuff is set up in medium/large companies... don't know why you would have any issue with compliance this way? They are just going to run an automated port scan... but you might have to explain your setup or run a scan locally?
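The two-zone layout suggested in the post above can be checked before an external scan is run. The following is an added example, not part of the original post or any poster's configuration: it models a first-match firewall policy with the DVR in a DMZ and the card system in its own zone, then reports what an outside scanner would reach. The subnets, the DVR port 8000, and the rule lists are constructed assumptions, and forwarded destinations are identified by their internal address.

```python
"""Audit a two-zone firewall policy: DVR in a DMZ, card system isolated."""
import ipaddress

# Constructed addressing and ports; none of these values come from the thread.
ZONES = {
    "card": ipaddress.ip_network("192.168.10.0/24"),  # credit card system
    "dmz": ipaddress.ip_network("192.168.20.0/24"),   # DVR / video computer
}

# Ordered rules, first match wins: (action, src zone, dst zone, dst port or None = any)
SEGMENTED = [
    ("allow", "wan", "dmz", 8000),   # remote DVR viewing (assumed port)
    ("allow", "card", "wan", 443),   # card system calls out to its processor
]
# Same policy with one mistake: the DVR forward also covers the card zone.
FLAT = SEGMENTED + [("allow", "wan", "card", 8000)]


def zone_of(ip):
    """Map an address to its zone; anything not on a local subnet is 'wan'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "wan"


def decide(rules, src_ip, dst_ip, port):
    """Return 'allow' or 'deny' for one new connection; default is deny."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    for action, r_src, r_dst, r_port in rules:
        if (r_src, r_dst) == (src, dst) and r_port in (None, port):
            return action
    return "deny"


def exposed_ports(rules, dst_ip, ports, scanner_ip="203.0.113.50"):
    """Ports on dst_ip that an outside scanner would find reachable."""
    return [p for p in ports if decide(rules, scanner_ip, dst_ip, p) == "allow"]


def audit(rules):
    """List allow rules that let another zone open connections into 'card'."""
    return [r for r in rules if r[0] == "allow" and r[2] == "card" and r[1] != "card"]


if __name__ == "__main__":
    scan = [22, 80, 443, 8000]
    for label, rules in (("segmented", SEGMENTED), ("flat", FLAT)):
        print(label, "DVR:", exposed_ports(rules, "192.168.20.5", scan),
              "card:", exposed_ports(rules, "192.168.10.5", scan),
              "findings:", audit(rules))
```

With the segmented policy only the DVR port is reachable from outside and the audit returns no findings; the flat policy exposes the same port on the card system and is flagged.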
 