PCI Compliance Guidelines: Locking Down Firewall Rules for Active Directory Replication

We all know Windows Active Directory is a great solution to centrally manage users and computers.

But how do you manage devices that sit behind a network firewall? Active Directory can still be the solution but firewall rules have to be locked down to limit the necessary ports.

PCI Requirement 1.2.1 states: Restrict inbound and outbound traffic to that which is necessary for the cardholder data environment.

Well, how do you lock down RPC traffic (TCP 1024-65535) that which is necessary for domain replication?

Microsoft has published an article showing how you can restrict RPC traffic to a single port:
http://support.microsoft.com/kb/224196

PCI compliance does not have to hinder business operations…with a bit of research, systems and security administrators can both win!



Get Ready for PCI DSS v4.0

UPDATE The PCI SSC announced the final version of PCI DSS v4.0 won’t be published until 2021.

For PCI recommendations on payment processing with newly remote workers, PCI SSC suggests a review of key areas to protect payment card data. Read Article: Payment Processing in a Remote Working Environment

Leave a Reply

Your email address will not be published. Required fields are marked *