Author
Jevgenijs Smirnovs
Document name
Point VxPC F02.01.xxx
Implementation Guide
E-mail
jevgenijs.smirnovs@verifone.com
Date
12-Jun-2015
Phone
+371 67844726
Page number
24
Version
1.0
© 2015 VeriFone. All rights reserved. VeriFone, the VeriFone logo, Vx, Mx, VeriCentre, VeriShield, Verix V, Verix and PAYware are either
trademarks or registered trademarks of VeriFone in the United States and/or other countries. All other trademarks or brand names are the
properties of their respective holders. All features and specifications are subject to change without notice.
The information contained in this document is confidential and property of VeriFone, Inc. This material may not be copied or published, or
divulged in part or in totality without written permission form VeriFone, Inc.
If you are using wireless network within your business you must make sure that firewalls are in-
stalled that deny or control (if such traffic is necessary for business purposes) any traffic from the
wireless environment into the Point Vx environment. Please refer to your firewall manual.
In case you are using a wireless network you must also make sure that:
• Encryption keys were changed from vendor defaults at installation.
• Passwords to access the wireless router/access point were changed from vendor defaults.
• Strong encryption (https or SSH) are used for authentication, i.e. entry of user identity and
password, to access the wireless router/ access point.
• Encryption keys are changed anytime someone with knowledge of the keys leaves the com-
pany or changes position.
• Default SNMP community strings on wireless devices are changed
• Firmware on wireless devices is updated to support strong encryption for authentication and
transmission over wireless networks, for example IEEE 802.11i. Please note that the use if
WEP as a security control was prohibited as of 30 June 2010.
• Other security related vendor defaults are changed.
3.4. Facilitate secure remote software updates
The software of your Point Vx could be updated remotely and automatically. For connection to ex-
ternal networks it is recommended to use firewall protection as per ”2.1 Build and Maintain a Secure
Network” in this document. The terminal should not be placed in an Internet accessible network
zone (“DMZ”).
Also the security part of the software that resides in the PED (PIN Entry Device) part of the terminal
could be updated remotely. The Terminal Management System that is used for distribution of the
PED software should be evaluated by a QSA as part of any PCI DSS assessment.
To Next Page
Loading...
Need help?
General
