The ABCs of VLAN Segmentation

To achieve Payment Card Industry (PCI) compliance, American fuel centers are making the switch to EMV pump payment systems, and are discovering that installing a wireless network to fulfill their needs allows them to avoid the costly expense and downtime associated with a wired system. A wireless solution is capable of delivering the high speeds necessary to accommodate next generation fuel dispensers – along with fully certified data encryption technology and VLAN (virtual local area networks) segmented switching. It is this segmentation that is critical to establishing a robust and secure wireless payment infrastructure.

VLAN segmentation works by creating a collection of isolated networks, each with a separate broadcast domain, within a data network . This segmentation within a VLAN network blocks access from malicious attackers against the system. In addition, it reduces packet-sniffing attempts, which is used by outside agitators to capture network traffic at the Ethernet frame level in order to retrieve sensitive information such as financial data. With VLAN segmentation, only authorized personnel can access the servers and various digital devices necessary to execute payment transactions.

Segmentation is best visualized as a port that can accept a variety of devices. That port remains nonfunctional until a device is introduced. Once a specific device is connected, the information on it, such as a Mac address or other identifier, gets recognized. Upon recognition, the port will only open the appropriate channel necessary to accommodate that device. In essence, a credential verification is performed to ensure the device is authorized to access a particular segment of the VLAN. Segmentation provides users with the advantage of protocol separation, which allows network architects to limit certain protocols to specific users. This restricts traffic in each VLAN to relevant packets.

For AvaLAN, a leader in affordable segmentation solutions, experience has demonstrated that the real challenge with segmentation is nobody wants to manage a managed Ethernet switch. It’s very complicated, and hiring IT staff to supervise the network becomes prohibitively expensive. When partnering with the nation’s second largest retailer, AvaLAN designed a solution that supports the features they needed and allows them to have an automatic backend engine that can identify what device plugs are introduced into the port. The system then verifies the device’s credentials and puts it onto the correct network, the correct VLAN. Once the plug is removed, the port deactivates until the next device is introduced.

AvaLAN provides a very easy-to-use wireless solution that allows segmentation for increased data security, and to help fuel centers become PCI-compliant.

Read more at avalan.com