
How to achieve a PCI Compliant network

Trefor Davies

A lot of effort goes into achieving PCI compliance for a network. Without going into huge detail, I thought some of you would like to know the type of work we had to do to get the badge.

Implementation of secure LDAP cluster

This consists of a master server and three read-only slaves. The master server is locked down heavily, and the read-only slaves are what applications authenticate against. All communication is authenticated and encrypted. All of our new systems have been moved over to authenticate against this LDAP cluster.

TACACS+ / RADIUS (2-Factor) authentication front ends

TACACS+ is the authentication protocol used by all our network equipment; it passes authentication through to the LDAP cluster. This system was rebuilt to use encrypted communication, a well-structured user/group system, and various other security features.

RADIUS (2-Factor) was implemented to pass one factor of the authentication back to the LDAP cluster and the second factor to a YubiKey server, so that YubiKeys can be used.

Secure VPN was implemented using


PCI compliant networks

Trefor Davies

Pleased to tell you that as of today, Timico, NewNet and PowerNet have been listed on Visa Europe’s website as having a PCI (Payment Card Industry) compliant network.

Check it out here.

Our PCI compliance project began in mid-July, and all paperwork and the network scan were sent to Visa Europe on 14 November. The team met pretty much every other week since July, sometimes for all-day workshops, to tackle this project. It’s a great credit to everyone that the project was completed in such a short space of time. I’m sure they will all agree it wasn’t easy.

The cross-disciplinary team was led by Leslie Young and comprised Nick Luckcuck, Ian Christian, Will Curtis, Faye Hemingway, Dean Bruce, Tom Grace, Jared Moore and Calum Malcolm.

Anyone out there needing a PCI compliant network should check us out. Press release with more spiel here.

I’ll do another post to cover the type of work we had to do to achieve compliance.