Point of Success Roundtable
Jeff Ward
Administrator
Joined: Mon May 21st, 2007
Location: Mesa, Arizona USA

You can access Point of Success using any remote access technology, including:
Special requirements to meet PA-DSS (PCI) credit card data security standards:

Please be aware that:

If you use an alternate administration interface (e.g. Remote Desktop, LogMeIn, GoToMyPC, CrossLoop) to access your payment processing environment or to make administrative changes, the traffic must be encrypted with a secure encryption technology (e.g. SSH, VPN, or SSL/TLS) to maintain credit card data security compliance.

  • Do not use remote access solutions requiring “port forwarding” such as VNC and PCAnywhere.
  • Use two-factor authentication for remote access. Use technologies such as RADIUS, TACACS with tokens, or VPN with individual certificates assigned to each user. Two-factor authentication means that two of the following three things are required: something the user knows (like a password), something the user has (like a one-time use key), or something the user is (like biometric data).
  • Develop usage policies for critical employee-facing technologies (for example, remote-access technologies, wireless technologies, removable electronic media, laptops, personal data/digital assistants (PDAs), e-mail usage and Internet usage) to define proper use of these technologies for all employees and contractors. Ensure these usage policies require the following:
    • Explicit management approval to connect any device to your network
    • Authentication for use of the technology
    • A list of all such devices and personnel with access
    • Labeling of devices with owner, contact information, and purpose
    • Acceptable uses of the technology
    • Acceptable network locations for the technologies
    • List of company-approved products
    • Automatic disconnect of sessions for remote-access technologies after a specific period of inactivity
    • Activation of remote-access technologies for vendors only when needed by vendors, with immediate deactivation after use

LogMeIn free or professional client packages meet the data security requirements stated above, as do other remote access technologies, but must be configured for two-factor authentication. For more information, visit LogMeIn at: http://www.LogMeIn.com
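Three of the requirements in the post above (encrypted transport, automatic disconnect after inactivity, and remote access left enabled only while it is needed) are settings an administrator can read back from a Windows host that is reached over Remote Desktop. The following audit script is an added example, not code from the post or from Point of Success; it reads the standard Terminal Services policy and RDP-Tcp registry values and reports any that fall short. The 15-minute idle ceiling is an assumption chosen for illustration, since the post only says "a specific period of inactivity". Two-factor authentication for the remote-access product itself (RADIUS, tokens, LogMeIn's own setting) is not visible in these keys, so this script does not check it.

```powershell
# Added example: audit local Remote Desktop settings against the PA-DSS remote-access
# points in the post above. Registry paths and value names are the standard Windows
# Terminal Services keys; the 15-minute idle limit is an assumed threshold.

$policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$rdpTcpPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$tsRootPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RegValue {
    # Return a registry value, or $null if the key or value is absent (i.e. not configured).
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

function Get-EffectiveRdpValue {
    # Group Policy values (under the Policies key) override the per-listener RDP-Tcp values.
    param([string]$Name)
    $policy = Get-RegValue -Path $policyPath -Name $Name
    if ($null -ne $policy) { return $policy }
    return Get-RegValue -Path $rdpTcpPath -Name $Name
}

$findings = @()

# 1. Encrypted transport: SecurityLayer 2 = TLS, MinEncryptionLevel 3 = High (128-bit),
#    UserAuthentication 1 = Network Level Authentication required before the session starts.
$secLayer = Get-EffectiveRdpValue 'SecurityLayer'
$encLevel = Get-EffectiveRdpValue 'MinEncryptionLevel'
$nla      = Get-EffectiveRdpValue 'UserAuthentication'
if ($secLayer -ne 2) { $findings += "SecurityLayer is '$secLayer' (expected 2 = TLS/SSL)" }
if ($encLevel -ne 3) { $findings += "MinEncryptionLevel is '$encLevel' (expected 3 = High)" }
if ($nla -ne 1)      { $findings += "Network Level Authentication not enforced (UserAuthentication='$nla')" }

# 2. Automatic disconnect after inactivity: MaxIdleTime is milliseconds; 0 or absent means never.
$maxIdleMs = Get-EffectiveRdpValue 'MaxIdleTime'
$limitMs   = 15 * 60 * 1000   # assumed 15-minute ceiling for this example
if (($null -eq $maxIdleMs) -or ($maxIdleMs -eq 0) -or ($maxIdleMs -gt $limitMs)) {
    $findings += "Idle sessions are not disconnected within 15 minutes (MaxIdleTime='$maxIdleMs')"
}

# 3. Remote access enabled only while needed: fDenyTSConnections 1 = Remote Desktop disabled.
$denyTs = Get-RegValue -Path $tsRootPath -Name 'fDenyTSConnections'
if ($denyTs -ne 1) {
    $findings += "Remote Desktop is currently enabled (fDenyTSConnections='$denyTs'); confirm it is needed right now"
}

if ($findings.Count -eq 0) {
    Write-Output 'PASS: Remote Desktop settings meet the checks in this script'
} else {
    $findings | ForEach-Object { Write-Output "FINDING: $_" }
}
```

Run it in an elevated PowerShell session on the host that accepts the remote connections; the findings it prints are the settings to correct through Group Policy (Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services) rather than by editing the registry directly, so that the values survive policy refresh.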