Educause Security Discussion mailing list archives

Re: PCI compliance on a university network


From: "Flynn, Gerald" <flynngn () JMU EDU>
Date: Tue, 22 Dec 2009 09:14:02 -0500

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Dobbins
Sent: Tuesday, December 22, 2009 4:10 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] PCI compliance on a university network

We found that the scope of requirements for compliance was so large,
and ended up including so much infrastructure, as to be untenable in a
typical university LAN.  For that reason we went with a wholly-isolated
environment in order to keep the scope localized to a set of systems
and network gear that we could "get our hands around" in terms of
compliance.  We use a VPN concentrator and inexpensive SOHO devices
with nailed-up VPN tunnels for the POS stations, so the payment card
network ends up being virtual, and again can be seen as wholly-
contained in the special environment.

Are the POS stations desktops? How many did you end up with? Did
you give the people two desktops?
