1 – Maintain Firewalls to Protect Cardholder Data

Select Reports > Portal > Repository > Standard Content > PCI > Reports or Dashboards > Requirement 1: Firewall Configuration.

PCI Requirement 1 requires that you install and maintain a firewall configuration to protect data in a cardholder data environment (CDE). Firewalls control computer traffic in and out of your network, as well as to and from sensitive areas within secure or sensitive internal networks. To prove compliance with PCI DSS, you must monitor the firewalls at Internet connections and between any demilitarized zones (DMZs). You must also monitor the devices that manage traffic.

Use the following dashboards and reports to check for potential firewall vulnerabilities in your environment.

Dashboards

Overview of Communication Activity from CDE

Overview of Communication Activity to CDE

Reports

Accessed Ports Through Firewall

Blocked Inbound Traffic to Card Holder Data Environment

Blocked Outbound Traffic from Card Holder Data Environment

Cardholder Data in the DMZ

External to Internal PCI Systems

Firewall Configuration Changes

Inbound Traffic to the Card Holder Data Environment

Internal PCI Systems to External

Network Routing Configuration Changes

Outbound Traffic from the Card Holder Data Environment

Personal Firewall Installed

Private IP Addresses Disclosure

Unauthorized Access to Card Holder Data Environment

Unauthorized Inbound Traffic to Card Holder Data Environment

Unauthorized Inbound Traffic to DMZ

Unauthorized Outbound Traffic from Card Holder Data Environment

VPN Configuration Changes

Accessed Ports Through Firewall

Reports the firewalls that allowed the most traffic by port number. The table provides results by IP addresses for the firewall, the source system, and the destination system; the destination port; number of events; and the firewall rule number that triggered the event.

Blocked Inbound Traffic to Card Holder Data Environment

Reports the destination ports on which traffic to the CDE from non-CDE systems has been blocked most often. The table provides results by IP addresses for the firewall, the source system, and the destination system; the destination port; the protocol used; the number of events; and when the most recent event occurred.

Blocked Outbound Traffic from Card Holder Data Environment

Reports an overview of blocked traffic from the CDE to non-CDE systems over time. The table provides results by blocked outbound traffic per firewall. It lists the IP addresses for the firewall, the source system, and the destination system; the source and destination zones; affected port; and when the most recent event occurred.

Cardholder Data in the DMZ

Reports the internal systems that send the most communications to a DMZ, or less secure environment, in the specified time range. The table provides results by IP address of the source and destination systems, the affected ports, when the events occurred, and the number of events.

External to Internal PCI Systems

Reports the external systems that are communicating directly with PCI internal systems most often. The table provides results by the IP addresses and zones of the source and destination systems, the affected port, protocol used, and the number of events.

Firewall Configuration Changes

Reports the firewalls and devices with the most changes to their configuration. The table provides results by the IP address, product, and vendor of the device that was changed; the name and rule related to the change; the number of changes detected; and when the most recent event occurred.

Inbound Traffic to the Card Holder Data Environment

Reports the systems that allowed the most traffic to the CDE from non-CDE systems by destination address and port. The table provides results by the IP addresses for the firewall, the source system, and the destination system; the affected port; the protocol used; the number of events; and when the most recent event occurred.

Internal PCI Systems to External

Reports the CDE systems that communicate directly with external systems. PCI standards expect that your enterprise can justify this type of traffic. The table provides results by the IP address of the source system, destination system, and the device; the destination port; the protocol used; and the number of events.

Network Routing Configuration Changes

Reports the network routing devices that have had the most configuration changes in the specified time range. The table provides results by the IP address and type of the device; the event name; the number of events; and when the most recent event occurred.

Outbound Traffic from the Card Holder Data Environment

Reports the systems that allowed traffic from the CDE to non-CDE systems by destination IP address. The table provides results by the IP addresses for the device, the source system, and the destination system; the affected port; the protocol used; number of events; and when the most recent event occurred.

Overview of Communication Activity from CDE

Provides, in charts and a table, an overview of communication going out from the CDE. You can view the target and source IP addresses, target ports, and the blocked source IP addresses.

Overview of Communication Activity to CDE

Provides, in charts and a table, an overview of communication coming into the CDE. You can view the target and source IP addresses, target ports, and the blocked source IP addresses.

Personal Firewall Installed

Reports the servers with a personal firewall installed. PCI standards require that users install personal firewall software on any device, such as a laptop, that is used to access the cardholder data environment and also might connect to the Internet when outside the PCI network. The table lists the IP address and name of the system hosting the personal firewall, as well as the most recent time that the firewall was detected.

Private IP Addresses Disclosure

Reports the RFC1918 IP addresses with the most communication with public IP addresses. The table provides results by IP address of the source and associated destination systems, the destination port, the protocol used, and the number of events.
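
The aggregation this report describes can be reproduced outside the product to cross-check its results. The following is an added example, not code from the product: the event field names (src, dst, dport, proto) and the sample events are constructed, and it assumes the private address is the source of each event. It matches the three RFC 1918 ranges exactly, because Python's broader is_private test also covers link-local and other special-purpose ranges.

```python
import ipaddress
from collections import Counter

# RFC 1918 defines exactly these three private IPv4 ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True only for addresses inside one of the three RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)

def is_public(addr):
    """True for globally routable addresses (excludes all special-purpose ranges)."""
    return ipaddress.ip_address(addr).is_global

def private_ip_disclosure(events):
    """Return (src, dst, dport, proto, count) rows, highest count first."""
    counts = Counter()
    for e in events:
        try:
            if is_rfc1918(e["src"]) and is_public(e["dst"]):
                counts[(e["src"], e["dst"], e["dport"], e["proto"])] += 1
        except ValueError:
            continue  # unparsable address field: skip the event
    return [key + (n,) for key, n in counts.most_common()]

# Constructed sample events (hypothetical field names, not a product schema).
SAMPLE_EVENTS = [
    {"src": "10.1.1.5", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
    {"src": "10.1.1.5", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
    {"src": "192.168.10.20", "dst": "1.1.1.1", "dport": 443, "proto": "tcp"},
    # Internal-to-internal traffic: destination is not public.
    {"src": "172.16.4.9", "dst": "10.1.1.5", "dport": 22, "proto": "tcp"},
    # 172.32.0.1 lies just outside 172.16.0.0/12, so it is not RFC 1918.
    {"src": "172.32.0.1", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
    # Link-local is "private" to Python's is_private but is not RFC 1918.
    {"src": "169.254.1.1", "dst": "1.1.1.1", "dport": 80, "proto": "tcp"},
    {"src": "n/a", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
    {"src": "10.1.1.5", "dst": "8.8.8.8", "dport": 53, "proto": "udp"},
]

if __name__ == "__main__":
    for row in private_ip_disclosure(SAMPLE_EVENTS):
        print(row)
```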

Unauthorized Access to Card Holder Data Environment

Reports the accounts with the most unauthorized attempts to access the CDE. The table provides results by the user account, source and destination IP addresses, time the events occurred, and the number of events.

Unauthorized Inbound Traffic to Card Holder Data Environment

Reports the IP addresses in the cardholder environment that have experienced the most unauthorized traffic to the CDE from non-CDE systems. The table provides results by the source and destination IP addresses, the ports of the destination system, the protocol used, the number of events, and when the most recent event occurred.

Unauthorized Inbound Traffic to DMZ

Reports the systems with the highest amount of unauthorized traffic to the DMZ. The table provides results by the IP addresses for the device, the source system, and the destination system; the source zone; affected port; number of events; and when the most recent event occurred.

Unauthorized Outbound Traffic from Card Holder Data Environment

Reports the ports with the most unauthorized traffic from the CDE to non-CDE systems. The table provides results by the IP addresses for the device, the source system, and the destination system; the destination zone; the affected port; the protocol used; and number of events.

VPN Configuration Changes

Reports the VPN gateways with the most changes to their configuration. The table provides results by IP address of the VPN, the policies or configurations changed, the type of VPN, and number of events.