PCI DSS and GoAnywhere Gateway

GoAnywhere Gateway es un componente de seguridad importante para la protección de datos de tarjetas y ayuda a las empresas a cumplir con los estándares de seguridad PCI DSS. Al permitir que los datos sensibles y credenciales permanezcan fuera de la zona DMZ y no requerir la apertura de puertos de entrda a la red interna, GoAnywhere Gateway es especialment útil para cumplir con los requisitos de la norma PCI DSS Sección 1.3 of the (texto orginal).

1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment.
1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.
1.3.3 Do not allow any direct connections inbound or outbound for traffic between the Internet and the cardholder data environment.
1.3.4 Do not allow internal addresses to pass from the Internet into the DMZ.
1.3.5 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.
1.3.6 Implement stateful inspection, also known as dynamic packet filtering. (That is, only "established" connections are allowed into the network.)
1.3.7 Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks.
1.3.8 Do not disclose private IP addresses and routing information to unauthorized parties. Note: Methods to obscure IP addressing may include, but are not limited to:
  • Network Address Translation (NAT),
  • Placing servers containing cardholder data behind proxy servers/firewalls or content caches,
  • Removal or filtering of route advertisements for private networks that employ registered addressing,
  • Internal use of RFC1918 address space instead of registered addresses.

PCI Linoma Software es una entidad que participa en el " Payment Card Industry Security Standards Council" (PCI SSC). Como miembro, Linoma Software recibe formación y continua revisión de los estándares existentes o futuras mejoras directamente de PCI SSC.

Linoma Software está comprometida con la protección de la información personal identificable y de tarjetas de pago tanto en movimiento como en su almacenamiento a través de la encriptación, gestión de claves y transporte seguro.