Re: PCI Compliace & MAC

PCI compliance is related to scanning your *web site* where your store runs on, not your personal computer. Are you saying you are running Miva Merchant on your desktop Mac? You should be getting your web server scanned, not your Mac...

Re: PCI Compliace & MAC

Dear Remik,

Some Merchant Account Providers are making people get thier home / business networks scannes as well. Thier reasoning is that if you are using a Virtual Terminal or typing in credit card numbers on-line your home / business network must be PCI Compliant as well.

My whole thought on this is.......it is just getting #$%@ing crazy and stupid.

98% of all the breaches are being caussed by the large volume credit card processing companies and not the small companies that make up 90% of all business.

Re: PCI Compliace & MAC

The entire PCI compliance thing is a joke, not just the above item you mentioned. If you can prove your site is PCI compliant and there's a breach, you are STILL responsible for any losses, fines, chargebacks, etc. It is not protecting you - the merchant - in ANY WAY WHATSOEVER. Why do you think there are now congressional investigations into this PCI-money-making-scheme that does nothing for the merchant and only makes money for "security scanning companies" - with absolutely no added value or protection for merchants? It's just another high-tech version of a 'Ponzi scheme.'

Re: PCI Compliace & MAC

Well, thank you for some opinions.

First of all, why they have to scan (PCI Compliance) was VISA & Master requested to do so to the major credit card process companies. That way they explained to me and why they scan my MAC was I can see the buyer's info. via my computer by access to MIVA or my Gateway company.
They scan both my web server and my computer and while the web server was passed, my Mac was failed (even though my MAC passed twice in the past, only this time failed).

Now, they insisted I have to set up the firewall as their IP address can access to the ports but as you know the firewall of MAC had no section that I can allow to access the specific IP address. So, I changed the Firewall setting as FIREWALL is ON but only allow the port, 443 and other 2 ports which they told me the ports were open.
For this setting I believe that I allow them access to the ports.
However, I failed again.

So, I asked them to talk with the agent who knows very well about MAC Firewall but they just told me that I have to have somebody, the IT professional, otherwise I have to make a payment to the card company.

Anyway, when I contacted them first time, the agent told me that I have to buy Harware router and that way I can allow them to access to my computer even though I told I use MAC and it has FIREWALL already .

Then, after I complained them, other agent sent me e-mail which tells the X-agent didn't know about the MAC, so suggested to buy the Hardware router. But now they say I don't need to buy the router but I have to restrict the ports.

Now, I don't know how to restrict as they are satisfied because my MAC already shut up the all access (means, already restrict).

Re: PCI Compliace & MAC

Do you mean you have your Mac connected to the internet "live", without an actual router in front of it? In other words, did you hook it up directly to your cable or DSL modem?

Normally you'd have a small router at home that goes in between your cable/DSL modem and the rest of your computers. This acts as a basic firewall that protects your computers from being accessed from the internet - regardless whether you have software firewall enabled on your Mac or not. Perhaps that's what they were suggesting, if you are indeed connected live to the net without even a basic router in front of your Mac.

Since you are on a Mac, I would recommend Apple's AirPort base station (router) to handle all that for you: http://store.apple.com/us/product/MB...mco=NDE4NDQ3OA (there are also models with built in hard drives so you can have a router/wireless base station/Time Machine backup all in one device).

Re: PCI Compliace & MAC

Thank you very much for your comment.

I use Time Warner Cable and the cable connected to Cable modem and my MAC is connected to the cable modem. The cable modem has "cable", "PC", "Data", "test" and "Power" lightning button.

Sorry but do I need a router? When I opened the cable account, the cable man came and connected with my MAC using the modem and I use for a long time (maybe 10 years) in that situation.

Also, the Security Company tested twice in the past, January and October/08 and at that time, my MAC was passed for the test.

Even I'm the only one use this MAC and I have no any other computer, do I have to get a router? I heard that if I'm the only one to use and no any other compute, I don't need it, No? Sorry for my basic question.

Thank you.

Re: PCI Compliace & MAC

Absolutely!!! That is the very first thing you should get if you get an always-on connection to the internet. If you connect your Mac directly to the cable modem, anyone can access your Mac by using its IP address. If you have a basic firewall you can protect it to some degree, but that typically requires a lot of know-how to properly secure your local machine. If you have a router between your cable modem and your Mac, people hitting your IP will not "see" your Mac, they will only see the router - which will by default protect your Mac behind it (even if it doesn't have a firewall on it). Trying to breach a router like this is a *LOT* more difficult than hacking into your Mac that is connected directly to the cable modem.

Disconnect your Mac from the net and run to the nearest computer store and pick up a router. Since you are on a Mac, Apple's AirPort Extreme base station (or Time Capsule if you want to combine your Time Machine functionality) is your best bet and the simplest to set up. Once you get that in place, your PCI scanning company can then scan your Mac all they want - they will not be able to breach the router or get access to your Mac in any way. And neither will all the hackers who constantly scan IPs for any vulnerabilities, folders you may have opened up for sharing files, etc.

Re: PCI Compliace & MAC

Hi, thanks again.
I went to the Apple page to see the router but it is for the people who use more than 1 computer and share the internet with other members .
I have no other computers and don't want to share anything.

Also it is for wireless. I don't use any wireless equipment.

Re: PCI Compliace & MAC

Doesn't matter. You can turn off the wireless part or not use it at all. It also doesn't matter that you have only one computer. Router simply protects your computer(s) from being accessible directly from the internet. Right now anyone can scan your IP, see you on the net, and try to hack into your Mac - because you are connected "live" to the net. If you were behind a router, all people (hackers, PCI scanning companies, etc) can see is your router - which they can't hack, really - and they can't see your Mac or what you have on your Mac, they can't see any files you may have "shared" (and some things are "shared" by default, whether you enabled it or not), and so on. Router is a necessity in this day and age of hackers constantly scanning IPs just to see what they can find and exploit, what files they may access on your computer, and so on. You'd be amazed how many bots there are out there doing nothing but scanning IPs constantly to see if they can exploit PCs (or Macs) behind them. To give you an idea, a typical server gets hit by probably 10,000+ "scans" every single day by automated bots run by hackers, just to see if they can break in. Most of them are from China, Korea, Russia, Estonia, Bulgaria, Brazil, Argentina... If I showed you a typical firewall log showing all hacking or IP scanning attempts, for a single machine for a single day connected to the internet, you'd be running to get a router in a heartbeat. Do yourself a favor - DO NOT run your computer exposed to the world like this, without a router between your cable modem and your Mac (or PC). It's sort of like driving your car with no breaks and no airbags - you may be "ok" for a while, but sooner or later you will run into something and will have no protection whatsoever. Get a router.

Re: PCI Compliace & MAC

Remik is right. I have a router which will log all attempts and email the logs to me when it gets full and has to recycle them. My router was sending me 16 MB files every 2 minutes. It was insane! I'm on Time Warner Road Runner DSL. Anyway I quickly turned of the notification feature. But it was very enlightening to me.

A router will take all that burden of denynig and hiding ports so your Mac doesn't have to handle it. Also the router is designed to only do one thing, route traffic and protect you (if you use the hardware firewall features built into the router, which you should).

Having 2 scans good in the past doesn't mean anything at all. All it says is that you had 2 good scans in the past. Hackers are always figuring out new ways to get through. Everyday they find new exploits. The security scan companies have to change their scans as they find out about the new things. So... obviously they've got some new tests they are using now (which they didn't have 2 months ago).

Personally I would like to see public hangings come back for some crimes. I'm sure we'd have a lot fewer of them then. I think hacking in and stealing credit cards, personal info and the like and then bilking millions of dollars of money off all those people is certainly worth a hefty penalty.