Re: PCI External Vulnerability Scans

drj361
Aspirant

PCI External Vulnerability Scans

I am trying to get a PCI compliance test done on my router. This is for me to be able to accept credit cards from customers. When they do the test it fails. They are telling me that the network is hidden, which in my terms means they cannot get in. A good thing, not so much. No scan, no CC reader. So what I need to do is allow the PCI scan to work. I have IP addresses from them that I can whitelist, but I do not know where to put that info in. Any help would be great.

Firmware Version V1.0.4.26_10.1.23
GUI Language Version V1.0.4.26_2.1.42.1
Model: R6250|Smart WiFi Router (AC1600)
Message 1 of 7
IrvSp
Master

Re: PCI External Vulnerability Scans

Not sure you really explained what you wanted to do?

External IP addresses can NOT see your own LAN unless something specific to allowing external access is done to allow this.

This would usually mean opening up PORTS or using the DMZ for a PC.

So, explain what is NEEDED by the outfit that is trying to access your system: ports, services, like FTP for instance, or specific PCs or servers on your network?

I don't have an R6250 but I don't think it has that function, unless you are talking about REMOTE ACCESS, but that is to the router itself?

More info is required I think?

Message 2 of 7
drj361
Aspirant

Re: PCI External Vulnerability Scans

I think you do not know what PCI compliant is.

 

Message 3 of 7
IrvSp
Master

Re: PCI External Vulnerability Scans


@drj361 wrote:

I think you do not know what PCI compliant is.

 


Sure, "Payment Card Industry Data Security Standard (PCI DSS)", but I don't know WHAT you have to do to be that?

Do you mean you have to do this:

 

PCI Compliance Checklist for 2017

# PCI DSS Compliance Requirement
1 Install and maintain a firewall configuration to protect cardholder data.
2 Do not use vendor-supplied defaults for system passwords and other security parameters.
3 Protect stored cardholder data.
4 Encrypt transmission of cardholder data across open, public networks.
5 Use and regularly update anti-virus software.
6 Develop and maintain secure systems and applications.
7 Restrict access to cardholder data by business need-to-know.
8 Assign a unique ID to each person with computer access.
9 Restrict physical access to cardholder data.
10 Track and monitor all access to network resources and cardholder data.
11 Regularly test security systems and processes.
12 Maintain a security policy and ensure that all personnel are aware of it.

 

Well, if so, that is what the above says, so what is the problem you are having? Which step(s)?

Something different?

I bet the 'tester' can't see your PC/Server because it is on your LAN, not the WAN... but so far you've provided no real info.

Want help, provide the info that one would need to understand where you are having a problem.

Insult me, I'm done!

Message 4 of 7
schumaku
Guru

Re: PCI External Vulnerability Scans

Alas, PCI compliance is required if you are hosting a Web site or the like where you are doing credit card processing, including storage. There are easy ways around this, i.e. by working with an external payment provider, so you are never storing credit card data (numbers/name/CVC) on your local system. Are you seriously considering hosting a Web shop or the like with credit card payments behind a Netgear consumer device?

Message 5 of 7
Greenlaw
Tutor

Re: PCI External Vulnerability Scans

I have the exact same issue as you. Heartland is requiring ControlScan to access my network to check for security. Did you figure out how to whitelist the range of external IP addresses??

Model: R7800|Nighthawk X4S AC2600 WiFi Router
Message 6 of 7
drj361
Aspirant

Re: PCI External Vulnerability Scans

If you look at the security certificate, the date is very wrong. Mine was set for 2-2-18 to 2-2-1902, which will fail every scan you try. You cannot change the certificate. That was only one of the issues I ran into. But it was the one that made me go out and purchase a Linksys EA8300, and it passed right out of the box.

Hope this helps.

Message 7 of 7