Understanding PCI Requirement 1: Your Network's Security Guard in PCI Compliance

New to PCI? Get started here: https://www.securitymetrics.com/learn...

Transcript:

“Welcome to PCI 101 by SecurityMetrics. Let’s dive into requirement 1: Install and maintain network security controls. This first requirement is all about firewalls. Think of a firewall like a security guard that only allows specific traffic to come through your network. For your organization, a firewall will filter unauthorized access to your data and make sure that any cardholder info stays secure. To be PCI compliant, you’ll need to have a firewall in place, controlling the traffic that comes in and out of your network.

Part 1: Perimeter and Personal Firewalls

When deciding where to start, there are two types of firewalls to consider: perimeter firewalls and personal firewalls. A perimeter firewall is typically installed on the edge of an organization’s network to protect your internal systems from untrusted networks that come from the Internet. The compliance guide, PCI DSS, requires that a firewall is placed between systems that store cardholder data and any systems on your network that can be accessed from the Internet.

Perimeter firewalls have several benefits: they’re the most robust security option, they can protect an entire network, and they can segment internal parts of a network. But they also have their drawbacks: they need to be carefully documented, they’re generally more expensive, and they can be more difficult to set up and maintain.

A personal firewall can protect a device from outside threats, including those from other devices that share the same network. These types of firewalls should be set up for devices that commonly connect to sensitive data networks. The benefits of personal firewalls are that they’re less expensive, they’re easier to maintain, and they can protect mobile workers when they’re outside the corporate network. But they’re also more limited: they don’t protect an entire network, they often have fewer security options, and they can’t be used to replace perimeter firewalls for network segmentation. Remember, perimeter firewalls protect entire networks, while personal firewalls protect the system they are on.

Part 2: Firewall Rule Best Practices

When setting up firewall rules, make sure you limit traffic to essential protocols, ports, or services, and be sure you have business justification for those required elements. Set up your firewall rules so that if an attacker does compromise your wireless network or device, only inbound and outbound protocols, ports, and services that have been previously authorized would be allowed access. Do your due diligence when deciding which traffic is required for your business operability, and know why it’s required. If you take extra care in choosing and setting up the firewalls for your business, you’ll keep your customers and your team secure.

Thanks for watching PCI 101 by SecurityMetrics. If you have any questions about this requirement, visit our website at securitymetrics.com, or give our PCI experts a call at (801) 995-6855.”

#pci #datasecurity #pcicompliance #pcirequirements #smallbusiness
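The ruleset review below is an added example, not code from SecurityMetrics or from the video. It turns the Part 2 advice into a check a practitioner can run against a written-down ruleset: both default policies must be deny, every allow rule must carry a documented business justification, and no allow rule may permit any protocol, any port, or any source to any destination. The `Rule`/`Policy` format, the addresses, and both sample policies are constructed for illustration and do not correspond to any real firewall product or network.

```python
"""Review a documented firewall ruleset for PCI Requirement 1 hygiene.

Added example (not SecurityMetrics code). The rule format and all sample
rules/addresses below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import List

ANY_ADDR = "0.0.0.0/0"


@dataclass
class Rule:
    direction: str          # "in" (Internet -> internal) or "out" (internal -> Internet)
    proto: str              # "tcp", "udp", "icmp" or "any"
    src: str                # CIDR, or ANY_ADDR
    dst: str                # CIDR, or ANY_ADDR
    dport: str              # single port, "lo-hi" range, or "any"
    action: str             # "allow" or "deny"
    justification: str = ""  # the documented business need for an allow rule


@dataclass
class Policy:
    default_in: str         # action for inbound traffic no rule matches
    default_out: str        # action for outbound traffic no rule matches
    rules: List[Rule] = field(default_factory=list)


def _is_any(value: str) -> bool:
    return value in ("any", ANY_ADDR)


def review(policy: Policy) -> List[str]:
    """Return a list of findings; an empty list means the ruleset passes."""
    findings = []
    if policy.default_in != "deny":
        findings.append(f"default inbound policy is '{policy.default_in}'; "
                        "must be 'deny' so only authorized traffic enters")
    if policy.default_out != "deny":
        findings.append(f"default outbound policy is '{policy.default_out}'; "
                        "must be 'deny' so a compromised host cannot reach out freely")
    for n, r in enumerate(policy.rules, start=1):
        if r.action != "allow":
            continue  # explicit denies narrow exposure and need no justification
        where = f"rule {n} ({r.direction} {r.proto} {r.src} -> {r.dst} port {r.dport})"
        if not r.justification.strip():
            findings.append(f"{where}: allow rule has no documented business justification")
        if _is_any(r.proto) or _is_any(r.dport):
            findings.append(f"{where}: permits any protocol/port; restrict to the specific service")
        if _is_any(r.src) and _is_any(r.dst):
            findings.append(f"{where}: any-to-any rule; not scoped to a system")
    return findings


def weak_policy() -> Policy:
    """Constructed ruleset with the mistakes the review is meant to catch."""
    return Policy(
        default_in="deny",
        default_out="allow",  # outbound left wide open
        rules=[
            Rule("in", "tcp", ANY_ADDR, "10.0.1.10/32", "443", "allow"),  # no justification
            Rule("in", "any", ANY_ADDR, ANY_ADDR, "any", "allow",
                 "temporary rule for vendor troubleshooting"),           # any-to-any
            Rule("out", "udp", "10.0.1.0/24", "10.0.0.2/32", "53", "allow"),  # no justification
        ],
    )


def hardened_policy() -> Policy:
    """Constructed ruleset that follows the transcript's advice."""
    return Policy(
        default_in="deny",
        default_out="deny",
        rules=[
            Rule("in", "tcp", ANY_ADDR, "10.0.1.10/32", "443", "allow",
                 "Public HTTPS to the storefront web server"),
            Rule("out", "tcp", "10.0.2.0/24", "203.0.113.0/24", "443", "allow",
                 "Payment application servers to the acquirer's processing API"),
            Rule("out", "udp", "10.0.2.0/24", "10.0.0.2/32", "53", "allow",
                 "DNS from the cardholder data segment to the internal resolver"),
            Rule("in", "tcp", "10.0.0.0/8", "10.0.2.0/24", "any", "deny"),
        ],
    )


if __name__ == "__main__":
    for name, pol in (("weak", weak_policy()), ("hardened", hardened_policy())):
        result = review(pol)
        print(f"{name}: {len(result)} finding(s)")
        for f in result:
            print("  -", f)
```

Run the script and the weak ruleset produces five findings (open outbound default, two unjustified allows, and an any-to-any rule that is flagged twice, once for protocol/port and once for scope), while the hardened ruleset produces none. The review deliberately does not flag an inbound allow from 0.0.0.0/0 on its own: a public web server legitimately accepts connections from anywhere, so the check is that the rule is scoped to that one system, limited to its service port, and justified in writing.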