No Virus Protection on a walled-off PC? - TechRepublic
General discussion
May 16, 2010 at 09:05 AM
whydomath

No Virus Protection on a walled-off PC?

by whydomath . Updated 16 years, 1 month ago

About a year ago I had to switch from diskless workstations connecting to a Linux server for Point of Sale (POS) stations to Windows PCs with XP Pro. Our business application vendor decided to buy a Windows based credit card processing system to meet the new (mandatory July 1, 2009) IRS payment processing standards for Flexible Spending Account cards.

Rather than buy and maintain virus protection for these 2 PCs and allow them Internet access, I bought a Netgear FVS 338 and made a subnet for the 2 POS machines. The FVS 338 blocks all communications except for the Linux server and the proprietary domain “like creditcardprocessor.com” the card processing server on the primary POS machine has encrypted communication with. I don’t even allow Windows updates. The FVS 338 does port translation to pass startup requests from the Linux server to the card processing clients on the POS machines. In my way of thinking, the PC’s behave about like dumb terminals once they boot up and a telnet session is established to the POS application on the server.

Does this seem like a safe practice, i.e. highly restricted Internet access and no virus protection?

This discussion is locked

All Comments