Why on earth would you be using a home router in a business that requires PCI compliance?
Why on earth would you be using a home router in a business that requires PCI compliance?
I see. Well it depends on where and how the credit card processing takes place. The kind of business you describe doesn't always run its own in-house payment processing systems and PoS terminals. Invoicing is often done by a third party service like Square (just an example). So all the PCI compliance falls on that company. Even if you handle physical card payments (like a restaurant) a company like Square can provide card readers with end to end encryption, so again the compliance issue is at their end of the link. -- Just something that might be worth investigating.It's an extremely small company, and apparently, PCI compliance is a requirement for any business that accepts credit cards... which is EVERY business. IE: if you're a graphic designer that works from home... you probably don't have the cash to throw down for Cisco products, nor the know-how to set it up.
That's apparently not true. We had assumed the same thing... the provider would need to be compliant, not us... but since we use a computer to process the payments through a website, we're subject to the PCI compliance as well. I had assumed that, as long as the web browser met all of the specifications, we'd be fine. It seemed suspect to me, and the PCI compliance website certainly makes it sound like the ownership would fall to our provider... but... nope.I see. Well it depends on where and how the credit card processing takes place. The kind of business you describe doesn't always run its own in-house payment processing systems and PoS terminals. Invoicing is often done by a third party service like Square (just an example). So all the PCI compliance falls on that company. Even if you handle physical card payments (like a restaurant) a company like Square can provide card readers with end to end encryption, so again the compliance issue is at their end of the link. -- Just something that might be worth investigating.
I fixed it... and I find it funny that the two people on their high horses took the time to be in complete shock that a "home" router is used in a small business apparently didn't know how to fix it. Maybe sit it out next time?
I fixed it... and I find it funny that the two people on their high horses took the time to be in complete shock that a "home" router is used in a small business apparently didn't know how to fix it. Maybe sit it out next time?
And how was this fixed? Please share.
I just ran my own nmap scan on my router and I don't see tls 1.0 being active.
lol asking why a home router is being used in a environment that requires PCI compliance which usually is an enterprise requirement is being on a high horse?
And then assume neither us know how to fix it.
ok boss!
Well... since you STILL haven't provided a solution, it's a fair assumption... and again... PCI compliance is apparently NOT solely an enterprise requirement.
And how was this fixed? Please share.
Yep. This.AFAIK tls-version-min 1.1 is an OpenVPN parameter. So maybe he was talking about testing the OpenVPN server from the internet, whereas I think we were assuming he was talking about the router's web server from inside the LAN.
AFAIK tls-version-min 1.1 is an OpenVPN parameter. So maybe he was talking about testing the OpenVPN server from the internet, whereas I think we were assuming he was talking about the router's web server from inside the LAN.
tls-version-min where exactly? There is no configuration file for the router's management web server, so I'm not sure where you added that.
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!