1.2.2 Secure and synchronize router
configuration files.
1.2.3.a Examine firewall and router configurations to verify that
there are perimeter firewalls installed between all wireless
networks and the cardholder data environment.
1.2.3.b Verify that the firewalls deny or, if traffic is necessary
for business purposes, permit only authorized traffic between
the wireless environment and the cardholder data
environment.
The known (or unknown) implementation and
exploitation of wireless technology within a
network is a common path for malicious
individuals to gain access to the network and
cardholder data. If a wireless device or network is
installed without the entity’s knowledge, a
malicious individual could easily and “invisibly”
enter the network. If firewalls do not restrict
access from wireless networks into the CDE,
malicious individuals that gain unauthorized
access to the wireless network can easily connect
to the CDE and compromise account information.
Firewalls must be installed between all wireless
networks and the CDE, regardless of the purpose
of the environment to which the wireless network
is connected. This may include, but is not limited
to, corporate networks, retail stores, guest
networks, warehouse environments, etc.