Castleforce IT Security Team

Protect Cardholder Data

Requirement 4: Encrypt transmission of cardholder data across open, public networks

Sensitive information must be encrypted during transmission over networks that are easily accessed by malicious individuals. Misconfigured wireless networks and vulnerabilities in legacy encryption and authentication protocols can be continued targets of malicious individuals who exploit these vulnerabilities to gain privileged access to cardholder data environments.


4.1 Use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.

4.1.1 Ensure wireless networks transmitting cardholder data or connected to the cardholder data environment use industry best practices (e.g., IEEE 802.11i) to implement strong encryption for authentication and transmission.

  • For new wireless implementations, it is prohibited to implement WEP after March 31, 2009.
  • For current wireless implementations, it is prohibited to use WEP after June 30, 2010.

4.2 Never send unencrypted PANs by end-user messaging technologies (for example, e-mail, instant messaging, chat).


Secure Remote Access and SSL-VPN Partners

At Castleforce we are partnered with several leading SSL-VPN vendors, and we can provide pre- and post-sales technical assistance with all the products listed.

Mycroft Talisen Remote Access solutions

It may be tempting to invest in a multi-layered, multi-provider, multi-product approach, attempting to protect against each separate danger with a specific and targeted solution. However, that approach comes with unanticipated costs to the implementer, with greatly increased requirements in terms of expertise, training, support, maintenance time and effort. Worst of all, disconnected thinking can also leave unexpected gaps in protection.

Mycroft's heritage is in providing a streamlined, unified approach, combining access from multiple WANs such as DII(F), GSI and the Internet, which results in excellent ROI as well as greatly improved security.

Juniper Networks: Performance and Networking Security

Networking and security solutions from Juniper Networks help consolidate network security for small, medium and large enterprises.

Stonesoft: Securing Information Flow

Stonesoft specialises in high-availability security appliances, including firewalls, IDS/IPS and SSL VPN, available as both hardware and virtual appliances.

SonicWALL: Protection at the speed of business

SonicWALL provides firewall products with unified threat management services such as network anti-virus, anti-spyware, virtual private networking (VPN), content filtering and other security services.

Celestix Networks is the premier developer of Microsoft Windows-based managed security appliances. The MSA security appliance from Celestix is specifically designed for network security, running a hardened version of Microsoft ISA Server 2006.

AEP Networks for Secure Communications, Secure Networking, Secure Application Access, SSL VPN, terminal services, Windows remote access, public key infrastructure, hardware security module and PKI HSM products

Protect Cardholder Data

nuBridges Protect: data at rest and in transit

nuBridges Protect is designed to make it easier for IT to make your operations PCI DSS compliant. Here are just a few examples:

  • No database or file layout changes required — encrypt a 16-digit credit card number without changing your pre-defined file layout, your application screens, your reports
  • No database downtime during encryption: encryption processes run in the background, allowing high-availability systems to remain active

Supports two data protection methods:

  1. Distributed encryption with centralized key management that does not require a persistent connection between the hub and the spokes – the optimum in performance and availability;
  2. Format Preserving Tokenization™ with central data vault


Contact Castleforce for help with PCI DSS

Wireless LAN (WLAN) Security

Aruba Networks secure wireless LAN products and services

Aruba's integrated policy-enforcement firewall, high-security encryption, standards-based authentication, wireless intrusion detection/prevention, and compliance audit reporting assistance meet or exceed the wireless LAN-specific security requirements in PCI DSS. Merchants using an Aruba solution can cost-effectively implement the security controls required for PCI compliance without compromising the performance of business applications or upgrading legacy networks.