Office Lan

The Office Lan should be set up to isolate computers that may access credit cards from other general-purpose machines. These machines should be hardwired to Ethernet hubs and routers. Generally, this just means putting them on a different VLAN than the rest of the office to provide maximum cardholder security (PCI requirement 2.1.1).

For example, if there is an area that provides free wireless in the lobby, or access to the internet for actors in the green room, those access points should be part of the 'Venue Lan' and not part of the 'Office Lan'.

You should not be able to access the internet from the database server or any machine that contains credit card information. (PCI requirement 1.3.2)
This section describes the components of the Office Lan.

Ports that should be open are:

  • Acceptance of any traffic from the apache server to the web listener(s)
  • Port 5008 (outbound) for credit card authorization if using PC charge
  • Port 443 outbound to the Orbital servers if using Paymentech Orbital
  • Port 25 (outbound) for SMTP mail service that is created by Theatre Manager
  • Port 5432 for access to the database server within the lan
  • Port 6113 to 6117 (outbound) for update checking
  • Port 37 (outbound) for time services checking
  • Port 53 (outbound) for MX record checking
  • Port 80, 443 to the apache server
  • Port 80 to theatremanagerhelp.com
  • Port 80 to www2.artsman.com
  • Other ports as required for business
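
One way to check observed traffic against the rules above is a small flow audit. This is an added example, not part of Theatre Manager or the original page. The addresses, the `check_flow` and `audit` names, and the record format (source, destination, destination port of each connection's initiator) are assumptions made for illustration, and anything outside the Office Lan is treated as off limits for card-data hosts.

```python
import ipaddress

# Addresses are constructed for this example; substitute your own.
OFFICE_LAN = ipaddress.ip_network("192.168.10.0/24")
CARD_HOSTS = {"192.168.10.5"}        # database server / machines holding card data
WEB_LISTENERS = {"192.168.10.30"}    # web listener(s) inside the Office Lan
APACHE = "192.168.20.10"             # apache server, outside the Office Lan
# Outbound ports from the list above. 80 and 443 are checked by port only,
# because the page names those destinations by hostname, not address.
OUTBOUND_PORTS = {25, 37, 53, 80, 443, 5008} | set(range(6113, 6118))
LAN_ONLY_PORTS = {5432}              # database access stays within the LAN


def check_flow(src, dst, dport):
    """Return None if the flow fits the policy, else a reason string."""
    src_in = ipaddress.ip_address(src) in OFFICE_LAN
    dst_in = ipaddress.ip_address(dst) in OFFICE_LAN
    if src_in == dst_in:
        return None  # entirely inside the LAN, or not Office Lan traffic at all
    if src_in:  # leaving the Office Lan
        if src in CARD_HOSTS:
            return "card-data host reaching outside the LAN"
        if dport in LAN_ONLY_PORTS:
            return "database port leaving the LAN"
        if dport not in OUTBOUND_PORTS:
            return "outbound port not on the allowed list"
        return None
    # Entering the Office Lan: only apache -> web listener is expected.
    if src != APACHE or dst not in WEB_LISTENERS:
        return "inbound traffic other than apache to a web listener"
    return None


def audit(flows):
    """Return [(flow, reason)] for every flow that breaks the policy."""
    return [(f, r) for f in flows if (r := check_flow(*f))]


# Constructed sample flow records: (source, destination, destination port).
SAMPLE_FLOWS = [
    ("192.168.10.21", "192.168.10.5", 5432),   # workstation -> database, in LAN
    ("192.168.10.21", "198.51.100.7", 443),    # workstation -> outside, HTTPS
    ("192.168.10.5", "198.51.100.7", 443),     # database server -> outside
    ("192.168.10.21", "198.51.100.9", 5432),   # database port leaving the LAN
    ("192.168.10.21", "198.51.100.9", 6115),   # update check, within 6113-6117
    ("192.168.10.21", "198.51.100.9", 8080),   # port not on the list
    ("192.168.20.10", "192.168.10.30", 5000),  # apache -> web listener
    ("192.168.30.44", "192.168.10.21", 445),   # Venue Lan host -> office machine
]
```

Calling `audit(SAMPLE_FLOWS)` returns the four records that break the policy, each paired with the reason.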