- The Oura Ring is hands down my favorite health tracker -- and it's on a rare sale
- Celebrating Latin and Hispanic Heritage Month
- The most durable Android phone I've tested has a marathon battery (and it's on sale)
- Celebrating Cisco’s Solutions Engineers in Honor of National Techies Day
- UWA Innovates: Network Upgrade Transforms Student Experience, Boosts Security, and Drives Sustainability
Back-to-Basics: Properly Configured Firewalls
As small and medium businesses begin to re-open following the pandemic, it’s important to do so securely in order to protect customer’s payment card data. Too often, data breaches happen as a result of vulnerabilities that are entirely preventable. The PCI Security Standards Council (PCI SSC) has developed a set of payment protection resources for small businesses. In this 8-part back-to-basics series, we highlight payment security basics for protecting against payment data theft. Today’s blog focuses on properly configuring firewalls.
Using a Firewall to Block Attacks from the Internet
The classic definition of a firewall is a structural component that prevents fire from spreading throughout a building. For the digital world, a firewall prevents Internet-based attacks and unauthorized access from spreading into your computers and payment system.
Firewalls manage the flow of computer data traffic allowed into and out of your network, for example to or from a server that hosts a payment system, or a PC. Depending on its configuration, a firewall will permit or restrict access and the passage of data to or from specified hosts and networks.
Firewall software can run on a computer or inside a hardware device like a WiFi router. Most security software suites include a firewall.
Here are three simple steps to help you effectively use a firewall:
- Check firewall coverage: If you change anything on your store network, make sure all devices are still protected by the firewall.
- Isolate the payment system: Set the firewall to stop all untrusted data transmissions to and from your point-of-sale and payment system. Prohibit direct public access between the Internet and these systems. Permit only what’s necessary for sales and card processing.
- Protect other connected devices: Install personal firewall software on any mobile and/or employee-owned devices that connect to the Internet that might also link to the network hosting your payment system.
Firewall rules can seem complex, but configuring them properly is vital to security. If you require additional assistance to properly configure your firewall, consult the person who installed your network and payment system.
For more information, read this PCI SSC infographic providing guidance on firewall configuration basics: PCI SSC Firewall Basics.
