VERIFONE ENHANCED ZONE ROUTER




VERIFONE ENHANCED ZONE ROUTER
Security, remote management, and network connectivity offering more solutions for your c-store.

SUMMARY

The Verifone Enhanced Zone Router is designed to let customers implement a fully PCI DSS compliant solution; it replaces the network security appliance previously supplied with Sapphire and Commander Petro products. Like the previous Verifone solution, the Enhanced Zone Router fully supports a single POS installation and is easily expandable to support additional devices. Time synchronization is maintained via NTP through the remote management connection, giving consistent event log timestamps.

The Enhanced Zone Router is a managed service appliance that provides the following features:
- Port forwarding
- Intrusion detection
- AES encryption
- X.509 certificates (DER and PEM formats)
- Dynamic IP address end-points
- Multiple subnet capability
- PCI DSS compliance
- Remote helpdesk support utilizing 2-factor authentication

The Enhanced Zone Router is a key security component of the overall POS architecture.

BENEFITS

The Enhanced Zone Router meets PCI 3.x requirements for remote multi-factor authentication (MFA) and segments the POS LAN from the customer LAN, helping to reduce the scope of PCI DSS assessments. Where the site has no broadband access, the Enhanced Zone Router provides a basic configuration user interface that is accessible only from within the POS LAN.

While maintaining the segmentation functions, the user interface can also be used to configure IP addressing for installations that do not use DHCP. This UI does not support console-level administrative functions such as data inspection or port replication.

Remote management of the Enhanced Zone Router allows scalable solutions that meet specific customer requirements; the previous solution required changes to be made through a software configuration utility. Because the Enhanced Zone Router is remotely managed, only the minimum allowable connectivity into and out of the POS LAN is enabled, and the device is kept updated with required security patches. The Verifone Enhanced Zone Router solution provides RFC 5424 compliant logs, which can be directed to a customer-provided endpoint (SIEM). Enhanced Zone Router configuration changes are logged and monitored.

Using the site's broadband service, the Enhanced Zone Router establishes a secure connection for device management to Verifone's selected device management provider. It is pre-configured and supports DHCP, eliminating the need to set up port forwarding and static IP addresses. With the Enhanced Zone Router in place, Verifone helpdesk traffic is controlled entirely by access to the Enhanced Zone Router datacenter endpoint. RSA multi-factor authentication is configured per help desk agent to the managed network, ensuring that only authorized helpdesk personnel can access a site. No Verifone personnel have privileged access to the Enhanced Zone Router. Supplemental controls such as complex workstation passwords and session time-outs enhance the security solution.

THE SOLUTION

Verifone has chosen industry-leading network providers to deliver the new Enhanced Zone Router. The solution includes remote security and device patch management. With multi-megabit throughput, the platform provides an extensible architecture designed to accommodate the needs of today and the future.
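The RFC 5424 logs that the router can send to a customer SIEM (mentioned above and again in FAQ 2) are the merchant's hook for PCI DSS Requirement 10 log review. The following Python is an added example, not Verifone's code: it parses RFC 5424 syslog lines and flags configuration-change events and timestamps that disagree with a reference clock. The sample lines, the app name `ezr`, the SD-ID and the `CONFIG` MSGID are constructed assumptions, not the router's real output.

```python
import re
from datetime import datetime, timedelta, timezone

# Header layout from RFC 5424 section 6: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
HEADER = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ver>\d{1,2}) (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
                    r"(?P<proc>\S+) (?P<msgid>\S+) (?P<rest>.*)$", re.DOTALL)
SD_ELEMENT = re.compile(r'\[(?P<id>[^\s\]=]+)(?P<params>(?: [^=\s\]]+="(?:[^"\\]|\\.)*")*)\]')
PARAM = re.compile(r'([^=\s\]]+)="((?:[^"\\]|\\.)*)"')

def parse_rfc5424(line):
    """Split one RFC 5424 message into header fields, SD-ELEMENT dicts and the free-text MSG."""
    m = HEADER.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an RFC 5424 message: %r" % line)
    pri, rest, sd, pos = int(m.group("pri")), m.group("rest"), {}, 0
    if rest.startswith("-"):          # NILVALUE: message carries no structured data
        pos = 1
    while pos < len(rest) and rest[pos] == "[":   # one or more SD-ELEMENTs
        e = SD_ELEMENT.match(rest, pos)
        if not e:
            raise ValueError("malformed STRUCTURED-DATA in %r" % line)
        sd[e.group("id")] = dict(PARAM.findall(e.group("params")))
        pos = e.end()
    ts = m.group("ts")   # a "-" timestamp means the sender had no usable clock
    when = None if ts == "-" else datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return {"facility": pri // 8, "severity": pri % 8, "timestamp": when,
            "hostname": m.group("host"), "appname": m.group("app"), "procid": m.group("proc"),
            "msgid": m.group("msgid"), "sd": sd, "msg": rest[pos:].lstrip(" ")}

def review(lines, reference, config_msgids=("CONFIG",), max_skew=timedelta(minutes=5)):
    """Return (finding, hostname, msg) tuples a Requirement 10 log review should escalate:
    configuration changes, and event times that disagree with the SIEM's reference clock."""
    findings = []
    for line in lines:
        ev = parse_rfc5424(line)
        if ev["msgid"] in config_msgids:
            findings.append(("config_change", ev["hostname"], ev["msg"]))
        if ev["timestamp"] is None or abs(ev["timestamp"] - reference) > max_skew:
            findings.append(("clock_skew", ev["hostname"], ev["msg"]))
    return findings
# Constructed sample lines (hypothetical app name "ezr" and MSGID "CONFIG", not real router output).
SAMPLE = [
    '<134>1 2015-06-01T10:15:00.003Z ezr-site42 ezr 1201 SESSION [exampleSDID@32473 user="agent07" auth="rsa"] helpdesk session opened',
    '<132>1 2015-06-01T10:16:30Z ezr-site42 ezr 1201 CONFIG [exampleSDID@32473 user="vasc1"] port-forward rule added',
    '<134>1 2015-05-20T08:00:00Z ezr-site42 ezr 1201 SESSION - helpdesk session closed',
]
REFERENCE_TIME = datetime(2015, 6, 1, 10, 17, tzinfo=timezone.utc)  # constructed SIEM receive time

def run_sample():
    return review(SAMPLE, REFERENCE_TIME)
```

The third sample line is dated twelve days earlier than the receive time, which is the kind of NTP drift the page's time-synchronization note is meant to prevent.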

TODAY'S DELIVERABLE

In today's complex security environment, the Enhanced Zone Router provides an end-to-end, scalable, managed and secure PCI compliant solution. PCI DSS v3.1 challenges all merchants with higher security standards. Verifone's Support Services fall within a merchant's PCI DSS requirements for third-party service providers who interact with the cardholder data environment. As such, Verifone seeks to enable the merchant's ability to meet these standards through the implementation of its Secure Remote Help Desk Services. Through a hardened methodology of securing connectivity with 2-factor authentication, access control of authorized agents, diligence in monitoring and alerting, and working closely with a PCI Qualified Security Assessor (QSA) to provide documented evidence against applicable security requirements, Verifone provides its customers with a level of confidence not found in the industry.

VERIFONE PETRO SECURE REMOTE ACCESS SUPPORT

FACILITATING PCI COMPLIANT HELP DESK CONNECTION

[Diagram labels: Petro Help Desk Agents with soft token; LAN; VFI Corp Domain; VFI PCI Domain; 2-Factor Login; IPsec/VPN Tunnel; Secure Network Cloud; Windows Terminal Server; Bastion Host; RSA Auth Request; secure connection management appliances; RSA Admin Server w/ Tokens; Verifone LogRhythm SIEM]

Managed through a custodial chain-of-command methodology, access to the secure network is either granted or revoked via an RSA MFA system. Each authorized Verifone Help Desk agent is assigned a unique username and 2-factor soft token to authenticate with a Verifone Windows Terminal Server. Upon successful authentication, an IPsec VPN tunnel is established into the secure cloud. Terminal Server sessions help to insulate the customer network from Verifone's network. As an additional security measure, each Help Desk Agent must be granted local store network access to the Verifone Commander via a software toggle located on the POS inside the store.

Once access is granted, a Help Desk Agent is only allowed to access Verifone POS devices for support and troubleshooting. No Verifone access is granted to the EZR or any other networking appliance on the store LAN, which eliminates the ability to alter network configuration.

[Diagram repeated from the previous slide.]

In addition to access control security, Verifone has implemented access control logging, monitoring and alerting. Sessions are monitored from the start of the initial Terminal Server connection through disconnection from the secure network. PCI DSS compliant log data is processed and stored in Verifone's LogRhythm SIEM server. This data is analyzed in real time, giving the security team the ability to alert on and quickly act upon any suspicious activity. All of the access and management servers are housed in a PCI compliant data center to further harden the security of the system.

FAQ

1. How do we perform our annual vulnerability and penetration tests as required by PCI?
The Verifone Enhanced Zone Router is a network access device. With change management processes defined and implemented, vulnerability and/or penetration tests can be carried out.

2. How do I, as the merchant, monitor, log and audit the Verifone Zone Router for PCI DSS compliance?
Using industry-compliant RFC 5424 logging, the required information can be directed to a customer-provided endpoint (SIEM).

3. Does the Enhanced Zone Router use a generic account for access and support?
All access to generic accounts has been disabled. Only Verifone's authorized Petro client support organization has access to the secured network via the Verifone Zone Router. This scope is limited to users assigned to support the client merchant environment and requires RSA 2-factor authentication to access the merchant network.

4. How are user accounts managed?
User access governance is managed by the RSA identity management system. This system is housed within Verifone's data center and managed in accordance with PCI DSS requirements.

5. Does anyone with POS software programming capabilities have access to the Verifone Zone Router?
No. For Tier 3 support purposes, any developer needing access will be overseen by an authorized Petro client support organization representative to resolve customer issues.

6. Does a VASC/Technician have the ability to change or open/close ports on the Verifone Zone Router?
A limited configuration functionality may be made available for a VASC. At install, the initial registration and configuration are stored in the secure cloud. Any deltas post-install are tracked hourly and trigger alerts to security support for the appropriate incident response procedures.

2015 Verifone, Inc. All rights reserved. Verifone and the Verifone logo are either trademarks or registered trademarks of Verifone in the United States and/or other countries. All other trademarks or brand names are the properties of their respective holders. All features and specifications are subject to change without notice. Reproduction or posting of this document without prior Verifone approval is prohibited.