
Segmenting network


    Segmenting network

    Hi techies

    I need to segment my network to comply with PCI. The setup is currently as follows:

    Ingenico chip n pin card machine with Ethernet cable to wireless modem router (netgear n300)

    3 or 4 laptops/iPhone connecting wirelessly

    I need either a hardware or software solution to isolate the chip n pin machine

    Any suggestions?

    Thanks

    #2
    Originally posted by Archangel View Post
    Hi techies

    I need to segment my network to comply with PCI. The setup is currently as follows:

    Ingenico chip n pin card machine with Ethernet cable to wireless modem router (netgear n300)

    3 or 4 laptops/iPhone connecting wirelessly

    I need either a hardware or software solution to isolate the chip n pin machine

    Any suggestions?

    Thanks
    Easiest way would be to get a cheap non wireless router to go in between the C&P and WiFi Router with firewall to allow only access one way (ie from wired to WiFi but not WiFi to Wired)
    Originally posted by Stevie Wonder Boy
    I can't see any way to do it can you please advise?

    I want my account deleted and all of my information removed, I want to invoke my right to be forgotten.



      #3
      Originally posted by SimonMac View Post
      Easiest way would be to get a cheap non wireless router to go in between the C&P and WiFi Router with firewall to allow only access one way (ie from wired to WiFi but not WiFi to Wired)
      Thanks Simon, I've got an oldish wireless router, I could try that and disable the wireless on it. I'm not sure how I'd configure the firewall; I'll have to have a look.



        #4
        Originally posted by SimonMac View Post
        Easiest way would be to get a cheap non wireless router to go in between the C&P and WiFi Router with firewall to allow only access one way (ie from wired to WiFi but not WiFi to Wired)
        If you have the money, buy a Sonicwall Firewall. It's a commercial Firewall, so not easy to buy off the shelf of PC World and like. That will allow you to create granular firewall rules to segregate your network how you want.
        If your company is the best place to work in, for a mere £500 p/d, you can advertise here.



          #5
          So I've got the old router connected up to my laptop (not to the chip n pin yet), but can't find anything on the firewall to block incoming traffic, any thoughts anyone?

          The router is a Belkin Router/Gateway a bit like this one

          http://cache-www.belkin.com/support/...1-4_manual.pdf

          Or should I buy a cheap non wireless router and take the chance that the firewall is configurable?

          I'm being charged £17 a month for not being compliant so don't mind spending a few quid



            #6
            I'd relegate your routers to the store room and buy something like this Juniper NetScreen-5GT Wireless ADSL - BRAND NEW - | eBay



              #7
              Ok, I've bought the juniper. I may need some help in setting it up though! I'll post again when it arrives.

              Thanks so far



                #8
                Nice one, should be fairly straightforward but if you need any help (and the latest ScreenOS) give me a shout. JNCIA blah blah.



                  #9
                  Originally posted by Vanilla View Post
                  Nice one, should be fairly straightforward but if you need any help (and the latest ScreenOS) give me a shout. JNCIA blah blah.
                  Hi Vanilla (and everyone else)

                  I've tried to install/configure the Juniper 5GT and hit a bit of a problem. It works ok with just the default zones set up, but if I try to separate the Ethernet connections from the wireless then the ethernet stops working. I've done this:

                  1) Create a new zone "cards"
                  2) Edit the "trust" interface (which I assume just has the ethernet ports in it as wireless/adsl have their own interfaces) and change the zone from "Trust" to "cards"
                  3) Create a policy from "cards" to "untrust" of any/any permit

                  This is when the card machine cannot connect

                  Changing the interface back to zone "trust" enables it again.

                  Any thoughts on what I've missed?

                  (as an aside, although the card machine is currently working via the trust zone, if I connect my laptop to another of the ethernet ports it can't connect to the internet, although it can via wireless)
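
The one-way rule suggested in #2 and the zone/policy layout attempted in #9, modelled as an added example (not code from any poster and not ScreenOS syntax): a toy stateful zone firewall showing that a single cards-to-untrust permit still lets replies back in while anything initiated towards the card machine is dropped. The zone name "wifi", all addresses, and the default-deny behaviour between zones are assumptions of the example.

```python
# Added illustration: a toy stateful zone firewall, not ScreenOS configuration.
# Zone names "cards" and "untrust" come from the thread; "wifi" and every
# address below are constructed for the example.

class ZoneFirewall:
    def __init__(self, policies):
        # policies: ordered (from_zone, to_zone, action); first match wins
        self.policies = policies
        # Flows opened by a permitted first packet (keyed by address pair
        # only; a real firewall also tracks protocol and ports).
        self.sessions = set()

    def handle(self, src_zone, dst_zone, src, dst):
        """Return 'permit' or 'deny' for a packet crossing zones."""
        # Reply traffic for an existing session needs no policy of its own.
        if (dst, src) in self.sessions:
            return "permit"
        for from_zone, to_zone, action in self.policies:
            if (from_zone, to_zone) == (src_zone, dst_zone):
                if action == "permit":
                    self.sessions.add((src, dst))
                return action
        return "deny"  # assumed default: no matching policy means drop


def audit(policies, protected="cards"):
    """List permit policies that let another zone initiate into `protected`."""
    return [p for p in policies
            if p[1] == protected and p[0] != protected and p[2] == "permit"]


POLICIES = [
    ("cards", "untrust", "permit"),  # card machine out to its processor
    ("wifi", "untrust", "permit"),   # laptops/phones out to the internet
]


def demo():
    fw = ZoneFirewall(POLICIES)
    terminal, processor, laptop = "192.168.10.2", "203.0.113.10", "192.168.20.5"
    return {
        "terminal_out": fw.handle("cards", "untrust", terminal, processor),
        "processor_reply": fw.handle("untrust", "cards", processor, terminal),
        "laptop_to_terminal": fw.handle("wifi", "cards", laptop, terminal),
        "unsolicited_in": fw.handle("untrust", "cards", "198.51.100.7", terminal),
        "audit": audit(POLICIES),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

`audit()` returns an empty list for this policy set; adding a permit from "wifi" to "cards" makes it report that entry, which is the condition to check for after any rule change.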



                    #10
                    Hi Archangel,

                    Try this link or this link. It shows how to set up your ports etc so there is segregation (Home - Work mode).

                    That will give you the configuration you are after.

                    Just thinking, there might have to be some routing information put in. Hopefully one of the more clued up Juniper chaps or chapesses can help
                    Last edited by Netraider; 22 May 2012, 07:22. Reason: Thought of something else.
                    SUFTUM

                    May life give you what you need, rather than what you want....

