PCI Compliance

Build & Maintain a Secure Network

One of the most important steps to ensuring the protection of cardholder data is building and maintaining a secure network.  Criminals consistently attack and exploit network vulnerabilities in an attempt to get to cardholder data. For this reason, it’s extremely important that hardware and software protections that control traffic into and within the network are secure. Networks can be protected from criminal traffic through the use of intrusion detection and prevention systems. 

Requirement #1: Install and maintain a firewall configuration to protect cardholder data
Firewalls can be the first line of defense to protect cardholder data on the internal network when it is potentially exposed to the Internet. A firewall is a device that controls traffic within an internal network and into and out of a restaurant's network. A firewall examines all network traffic and blocks transmissions that do not meet specified security criteria. All systems should be protected from unauthorized access from the Internet. Firewalls are a key protection mechanism for any computer network.

  • Use firewall configuration standards and make sure they are tested every time changes are made to equipment or software configurations
  • Set up firewall configurations to deny all traffic to the cardholder data except for authorized users and uses
  • Deny access to non-essential system components and ports
  • Install personal firewall software on all mobile and/or employee-owned computers that connect to the Internet or to the environment storing cardholder data
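The "deny all traffic to the cardholder data except for authorized users and uses" rule is easiest to verify against the exported ruleset rather than by reading the firewall console. The following is an added example, not code from the original page or from any PCI document: a small Python audit that parses an iptables-save style export, checks that the INPUT and FORWARD chains default to DROP, and flags any ACCEPT rule into the cardholder data segment that either has no source restriction or is not on the approved (source, port) list. The two rulesets, the 10.20.0.0/24 cardholder segment and the approved POS host are constructed sample values, not taken from any real environment.

```python
"""Audit an iptables-save style export for a deny-by-default cardholder data segment."""

# Constructed sample: default-ACCEPT policies and an any-source rule into the CDE.
WEAK_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -d 10.20.0.0/24 -p tcp --dport 3306 -j ACCEPT
COMMIT
"""

# Constructed sample: DROP by default, one authorized path, explicit block of telnet.
HARDENED_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 10.10.0.5/32 -d 10.20.0.0/24 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 10.10.0.0/24 -d 10.20.0.0/24 -p tcp --dport 23 -j DROP
COMMIT
"""

CDE_NET = "10.20.0.0/24"              # assumed cardholder data segment
ALLOWED = {("10.10.0.5/32", "443")}   # assumed: only the POS host, HTTPS only


def _opt(tokens, flag):
    """Return the value following `flag` in an iptables rule, or None if absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return None


def parse_ruleset(text):
    """Split an iptables-save export into chain policies and appended rules."""
    policies, rules = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):                     # ":CHAIN POLICY [pkts:bytes]"
            name, policy = line[1:].split()[:2]
            policies[name] = policy
        elif line.startswith("-A "):                 # "-A CHAIN <match options> -j TARGET"
            tokens = line.split()
            rules.append({
                "chain": tokens[1],
                "src": _opt(tokens, "-s"),
                "dst": _opt(tokens, "-d"),
                "proto": _opt(tokens, "-p"),
                "dport": _opt(tokens, "--dport"),
                "target": _opt(tokens, "-j"),
            })
    return policies, rules


def audit(text, cde_net, allowed):
    """Return a list of findings; an empty list means the ruleset meets the checks."""
    policies, rules = parse_ruleset(text)
    findings = []
    # Requirement: traffic is denied unless explicitly authorized, so the
    # inbound and forwarding chains must not default to ACCEPT.
    for chain in ("INPUT", "FORWARD"):
        if policies.get(chain) not in ("DROP", "REJECT"):
            findings.append(f"{chain} default policy is {policies.get(chain)}, expected DROP")
    # Every ACCEPT into the cardholder segment must name an authorized source and port.
    for r in rules:
        if r["target"] != "ACCEPT" or r["dst"] != cde_net:
            continue
        if r["src"] is None:
            findings.append(f"rule allows any source into {cde_net} on port {r['dport']}")
        elif (r["src"], r["dport"]) not in allowed:
            findings.append(f"rule allows {r['src']} into {cde_net} on port {r['dport']} without authorization")
    return findings


if __name__ == "__main__":
    for name, ruleset in (("weak", WEAK_RULESET), ("hardened", HARDENED_RULESET)):
        print(name, audit(ruleset, CDE_NET, ALLOWED) or "no findings")
```

Running the audit after every change to the equipment or firewall configuration, with the approved list kept under change control, gives the repeatable test the first bullet asks for; the weak ruleset yields three findings (two ACCEPT policies and the any-source database rule) and the hardened one yields none.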

Requirement #2: Don’t use vendor-supplied defaults for system passwords and other security parameters.
Building and implementing strong passwords is another way to ensure a greater level of protection. Software and hardware ship with passwords set to a default value out of the box. A common security error is to deploy software and hardware and continue using the default passwords. These default passwords can be easily retrieved through search engines and can give criminals easy access to cardholder data.

  • Check to make sure all vendor default passwords are changed prior to the activation of the device – this also includes wireless devices that link to the cardholder data environment or are used to transmit cardholder data
  • Establish a policy concerning the management of vendor-supplied passwords and be able to show evidence that the policy has been implemented
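A policy that says defaults must be changed before activation is easiest to evidence when activation itself is gated on a check. The following is an added example, not code from the original page or from any vendor: a Python pre-activation gate that compares each device's stored credential hash against the hashes of that vendor and model's shipped defaults and refuses activation while a default is still in place, recording a timestamped evidence entry either way. The vendor names, models, default credentials, salt and hashing scheme are all constructed placeholders; a real deployment would keep its own catalogue of defaults and use the device's actual credential store.

```python
"""Pre-activation gate: block devices that still carry a vendor-default credential."""
import hashlib
from datetime import datetime, timezone

# Constructed placeholder catalogue of shipped defaults per (vendor, model).
VENDOR_DEFAULTS = {
    ("ExampleVendor", "POS-100"): [("admin", "admin"), ("admin", "password")],
    ("ExampleVendor", "AP-20"): [("admin", "1234")],
}


def credential_hash(username, password, salt):
    """Salted SHA-256 of a credential; illustration only, not a device's real scheme."""
    return hashlib.sha256(f"{salt}:{username}:{password}".encode()).hexdigest()


SALT = "constructed-salt"

# Constructed inventory: pos-01 still has the shipped password, ap-01 has been changed.
DEVICES = [
    {"id": "pos-01", "vendor": "ExampleVendor", "model": "POS-100", "username": "admin",
     "salt": SALT, "hash": credential_hash("admin", "admin", SALT)},
    {"id": "ap-01", "vendor": "ExampleVendor", "model": "AP-20", "username": "admin",
     "salt": SALT, "hash": credential_hash("admin", "k7Rv!w2Xq9Lp", SALT)},
]


def uses_default_credential(device):
    """True if the device's stored hash matches any shipped default for its model."""
    defaults = VENDOR_DEFAULTS.get((device["vendor"], device["model"]), [])
    return any(
        user == device["username"]
        and credential_hash(user, pwd, device["salt"]) == device["hash"]
        for user, pwd in defaults
    )


def activation_check(device, now=None):
    """Return an evidence record: whether activation is allowed and why."""
    now = now or datetime.now(timezone.utc)
    blocked = uses_default_credential(device)
    return {
        "device": device["id"],
        "checked_at": now.isoformat(),
        "allowed": not blocked,
        "reason": "vendor default credential still in use" if blocked
                  else "credential differs from all known vendor defaults",
    }


def activation_report(devices):
    """Run the gate over an inventory; the returned list is the policy evidence."""
    return [activation_check(d) for d in devices]


if __name__ == "__main__":
    for entry in activation_report(DEVICES):
        print(entry)
```

Keeping the returned records alongside the change ticket for each device gives the "evidence that the policy has been implemented" the second bullet calls for, and the same check covers wireless devices that link to the cardholder data environment as long as they are in the inventory.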