Securing Your Retail Network
Segmenting a network into card processing segments and non-card processing segments helps to protect cardholder data and minimize the scope of a Payment Card Industry (PCI) Data Security Audit. The card processing segments must then be carefully monitored and controlled to ensure that only authorized users and devices can connect to the network. Given the highly distributed nature and accessibility of wired and wireless networks within the retail industry, any IP-enabled device must be confirmed before it’s allowed to connect to a retailer’s network. Furthermore, if a device is removed from the network, it should trigger an alert.
The simplest way to reduce the scope of a PCI DSS audit is to ensure proper network isolation for the systems that store, process, or transmit cardholder data. Without adequate network segmentation, the entire network may be included within the scope of the audit. And no matter what type of segmentation you select, Qualified Security Assessors (QSAs) regularly need to verify that the cardholder network is properly isolated and validate that every device that’s added to or removed from your network is compliant, logged, and recorded. Network Sentry/NAC can quickly and easily restrict and audit access to cardholder networks.
Leveraging Network Access Control, merchants can: