What's new
Car Wash Forum

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

PCI scan and Video System

Rudy

Active member
My recent quarterly PCI scan failed because my Lorex video system doesn't have a secure way to logon. It (I think) uses port 80 (unsecure). To pass PCI, it needs to receive the logon information securely....(port 443??)....and this is something that the Lorex DVR doesn't support.

My holiday was spent reading about setting up a VLAN for the DVR system. Has anyone done this, or had any experience with this?

The concept...involves setting up seperate LANs. One for the Credit Card computer....and one for the DVR system. They both have access to the internet, but one LAN cannot communicate with the other. This appears to be important if a bad guy somehow tunnels into the DVR...and then can access the Credit Card system.

Separating the two devices into seperate networks effectively isolates the bad guy to the DVR only.

I have an Asus AC RT68p router. What would I need to set up a separate LAN for the DVR system?

Ideas?
 
I do NOT have a static ip....but use a DDNS service with my router.

The port 80 issue involves logging onto the Lorex DVR via the web. As far as I can tell, only port 80 (unsecure) can be used. Port 443(secure) would be the better way, but that isn't an option with the Lorex DVR menu.

The PCI picks up that there's an "unsecure" method of passing passwords.... That's the problem.

Thanks for the link for the second router. I'll read up.
 
Yeah, you're going to need to separate the NVR from the other stuff. I have two separate routers. One that my server/POS/CC stuff is connected through, and an ASUS that is for my NVR.

I would also think that a dynamic IP would be a PITA - get statics.
 
Static IP costs $$$$ with my ISP. I've had zero issues with a DDNS provider.

It seems like the device I may need is a "managed switch". I think plugging this into the internet modem will allow me seperate vLAN's?
 
Static IP costs $$$$ with my ISP. I've had zero issues with a DDNS provider.

It seems like the device I may need is a "managed switch". I think plugging this into the internet modem will allow me seperate vLAN's?

I have 5 static IP's and my broadband service - costs $100/mo. What does it cost there?
 
Back
Top