PCI DSS and GoAnywhere Gateway

Text

GoAnywhere Gateway is an important security component for protecting cardholder data and helping organizations to comply with PCI DSS. By allowing organizations to keep sensitive files and credentials out of the DMZ (demilitarized zone) while not requiring inbound ports to be opened into the internal network, GoAnywhere Gateway is specifically useful for meeting the requirements in section 1.3 of the PCI DSS (text of the standard as follows).

1.3 Prohibit direct public access between the Internet and any system component in the cardholder data environment.
1.3.1 Implement a DMZ to limit inbound traffic to only system components that provide authorized publicly accessible services, protocols, and ports.
1.3.2 Limit inbound Internet traffic to IP addresses within the DMZ.
1.3.3 Do not allow any direct connections inbound or outbound for traffic between the Internet and the cardholder data environment.
1.3.4 Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network.
1.3.5 Do not allow unauthorized outbound traffic from the cardholder data environment to the Internet.
1.3.6 Implement stateful inspection, also known as dynamic packet filtering. (That is, only "established" connections are allowed into the network.)
1.3.7 Place system components that store cardholder data (such as a database) in an internal network zone, segregated from the DMZ and other untrusted networks.
1.3.8 Do not disclose private IP addresses and routing information to unauthorized parties. Note: Methods to obscure IP addressing may include, but are not limited to:
  • Network Address Translation (NAT),
  • Placing servers containing cardholder data behind proxy servers/firewalls or content caches,
  • Removal or filtering of route advertisements for private networks that employ registered addressing,
  • Internal use of RFC1918 address space instead of registered addresses.
Media
Image
PCI Security Standards Logo
Text

Fortra is a Participating Organization in the Payment Card Industry Security Standards Council (PCI SSC). As a member, Fortra receives training and provides review of existing standards or advance review of new standards or programs directly to the PCI SSC. Fortra is dedicated to the protection of payment card and other personally identifiable information while in motion and at rest through encryption, key management and secure file transport.

Request a quote for GoAnywhere Gateway Reverse Proxy solution.