3 Securing Client Environments

Ensure the operating system for your application is patched with the latest security patches and the latest versions of tools and software to prevent potential exploits within the operating system and environment itself. The Center for Internet Security (CIS) has benchmarks on operating system hardening at:

https://learn.cisecurity.org/benchmarks

Inadvertent Capture of PAN includes additional guidance on securing your operating system to avoid inadvertently capturing cardholder details.

Network Segmentation

In accordance with the Payment Card Industry (PCI) Data Security Standard, Oracle Corporation mandates that every site, including wireless environments, install and maintain a firewall configuration to protect data. Configure your network so that databases and wireless access points always reside behind a firewall and have no direct access to the Internet.

Personal firewall software must be installed on any mobile and employee-owned computers with direct connectivity to the Internet, such as laptops used by employees, which are used to access the organization’s network. The firewall software configuration settings must not be alterable by employees.

Because of the PCI Data Security Standard, Oracle Corporation mandates that each site ensure that servers, databases, wireless access points, and any medium containing sensitive data are behind a firewall. The firewall configuration must restrict connections between publicly accessible servers and any system component storing cardholder data, including any connections from wireless networks.

The firewall configuration must also place the database in an internal network zone, segregated from the demilitarized zone (DMZ) with the web server. A DMZ can be used to separate the Internet from systems storing cardholder data.
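One way to check a zone-based firewall policy against the segmentation requirements above, as an added example that is not part of this guide (the zone names, the 1521 listener port and the sample rulesets are assumptions):

```python
# Added example: checks a zone-based firewall policy against the segmentation
# requirements above. Zones, ports and rules are constructed for illustration.
from dataclasses import dataclass
from typing import List, Optional

DB_PORT = 1521  # assumption: database listener port the web tier needs
PROBE_PORTS = (22, 80, 443, DB_PORT, 3389)  # sample ports to probe the policy with

@dataclass(frozen=True)
class Rule:
    src: str             # source zone
    dst: str             # destination zone
    port: Optional[int]  # None matches any destination port
    action: str          # "allow" or "deny"

def allowed(rules: List[Rule], src: str, dst: str, port: int) -> bool:
    """First-match evaluation; no matching rule means deny."""
    for r in rules:
        if r.src == src and r.dst == dst and r.port in (None, port):
            return r.action == "allow"
    return False

def audit(rules: List[Rule]) -> List[str]:
    """Return the violated requirements (an empty list means the policy complies)."""
    findings = set()
    for port in PROBE_PORTS:
        # Database zone: no direct Internet connectivity in either direction.
        if allowed(rules, "internet", "internal", port) or allowed(rules, "internal", "internet", port):
            findings.add(f"internal zone exchanges traffic with the Internet on port {port}")
        # Wireless networks must not reach systems storing cardholder data.
        if allowed(rules, "wireless", "internal", port):
            findings.add(f"wireless zone can reach the internal zone on port {port}")
        # The DMZ web server may reach the database only on the database port.
        if port != DB_PORT and allowed(rules, "dmz", "internal", port):
            findings.add(f"DMZ can reach the internal zone on non-database port {port}")
    if not allowed(rules, "dmz", "internal", DB_PORT):
        findings.add("DMZ web server cannot reach the database at all")
    return sorted(findings)

# Weak policy: the web server and the wireless LAN are trusted into the database zone.
WEAK = [Rule("internet", "dmz", 443, "allow"),
        Rule("dmz", "internal", None, "allow"),
        Rule("wireless", "internal", None, "allow"),
        Rule("internal", "internet", None, "allow")]

# Hardened policy: one explicit path from the DMZ to the database, everything else denied.
HARDENED = [Rule("internet", "dmz", 443, "allow"),
            Rule("dmz", "internal", DB_PORT, "allow"),
            Rule("dmz", "internal", None, "deny")]
```

Running `audit(WEAK)` lists every path that the standard forbids, while `audit(HARDENED)` returns an empty list.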