Per the PCI-DSS requirements, all remote users outside your secure network must use two-factor authentication when remoting into your network to access resources, i.e. the Remote Desktop Server that has the Point-of-Rental program installed on it. This article describes options for meeting that requirement.
Option A: Use LogMeIn Pro and Enable Two Factor Authentication
An affordable option is to use a remote access service that offers two-factor authentication. An example of such a service is LogMeIn Pro from LogMeIn (www.logmein.com). This differs from simply using a Remote Desktop Connection to log directly into your Remote Desktop Server: first you log into a web page that provides a remote access link to a designated server or workstation within your office network, and once remoted in you use a Remote Desktop Connection to reach your Remote Desktop Server. This solution works on tablets, too, but you will need LogMeIn’s mobile app, LogMeIn Ignition. Once you have created an account and added a server or workstation to the remote access list, make sure you turn on the LogMeIn client’s Personal Password; this is the second factor. See Appendix A for more information.
The cost is around $69/year per computer.
Option B: Purchase Trustwave’s Two Factor Authentication Device and Support
Trustwave is a Qualified Security Assessor (QSA) who offers business security solutions. They have a solution for two-factor authentication in which a yearly charge pays for a new security device and support in getting your remote users securely connected from anywhere. See https://www.trustwave.com/two-factor-authentication.php#overview for more information.
The cost is around $1,000 per year and includes setup support.
Option C: Have an IT Professional Set Up Two Factor Authentication
You can also hire an IT professional to provide their own two-factor authentication solution. There are other solutions on the market that IT professionals may prefer. If you go this route, we recommend verifying that the IT professional has a credible reputation in this field of work.
You will have to get a price quote from an IT professional or IT services company.
Appendix A: Enabling LogMeIn Pro’s Two Factor Authentication
Below is information from LogMeIn’s website, www.logmein.com, explaining their understanding of the PCI requirements and how to configure their two-factor authentication solution in LogMeIn Pro.
LogMeIn understands that security and adherence to PCI requirements are critical, and we fully support our customers’ policies for ensuring their adherence to PCI-DSS compliance.
Our remote connectivity services only maintain limited session data associated with remote computers and do not retain or store any information, including any credit card data, from remote computers or any information transferred during a remote access session. Additionally, we protect all information transmitted with full, end-to-end 256-bit SSL encryption, the same encryption method endorsed by MasterCard, Visa and American Express. We also support PCI compliance with centralized user management, two-factor authentication for strong access control measures, and maintain secure physical and network security, with ongoing security monitoring & testing.
Related Links:
• Is LogMeIn secure? What security information is available? : http://lmine.ws/outkN4
• LogMeIn Security White Paper: http://lmine.ws/gvee5C
__________
What is the Personal Password?
The Personal Password feature provides an extra layer of security for your host computer. If a Personal Password has been set on the host computer, after entering your Windows login credentials or Access Code, you will be prompted to enter 3 random characters from the Personal Password. For example, if your Personal Password is "password" and you are being asked for the 5th character, you will use the drop-down menu to select the letter "w".
How do I set a Personal Password?
1. From your host computer, right-click on the LogMeIn icon in the system tray and select Open LogMeIn.
2. Select Options from the left menu.
3. Click the Preferences button.
4. Click the Security tab.
5. Under Personal Password, enter the password you would like to use as the Personal Password in both fields.
6. Make sure to click OK at the bottom of the window.
How do I remove a Personal Password?
1. From your host computer, right-click on the LogMeIn icon in the system tray and select Open LogMeIn.
2. Select Options from the left menu.
3. Click the Preferences button.
4. Click the Security tab.
5. Under Personal Password, delete the current password from both fields so it shows blank.
6. Make sure to click OK at the bottom of the window.
If you need further assistance, call LogMeIn at 866-478-1805 to explore additional options.
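The Personal Password check described in Appendix A is a partial-password challenge: the host picks a few character positions, and the user supplies only the characters at those positions. The following Python is an added illustration of how such a check can be implemented and verified; it is not LogMeIn's code and the function names, the 1-based positions, the case-sensitive comparison and the sample password "password" (the page's own example) are assumptions made here. It also shows two points a practitioner will want to keep in mind: the positions must come from a cryptographically secure source, and the comparison should be constant-time so that a wrong answer does not leak how many characters matched.

```python
import hmac
import secrets


def choose_positions(password_length: int, count: int = 3) -> list[int]:
    """Pick `count` distinct 1-based positions for one login challenge.

    Uses the OS CSPRNG (secrets.SystemRandom) rather than random.sample so the
    challenged positions cannot be predicted from earlier challenges.
    """
    if password_length < count:
        # A password shorter than the challenge cannot produce distinct positions.
        raise ValueError("personal password too short for the challenge")
    rng = secrets.SystemRandom()
    return sorted(rng.sample(range(1, password_length + 1), count))


def expected_answer(personal_password: str, positions: list[int]) -> str:
    """The characters the user must supply for the challenged positions."""
    return "".join(personal_password[p - 1] for p in positions)


def verify_response(personal_password: str, positions: list[int], response: str) -> bool:
    """Return True only if `response` matches the challenged characters exactly.

    hmac.compare_digest runs in constant time, so an attacker observing timing
    cannot tell whether the first, second or third character was the wrong one.
    The comparison is case-sensitive (an assumption; the page does not say).
    """
    if len(response) != len(positions):
        return False
    expected = expected_answer(personal_password, positions)
    return hmac.compare_digest(expected.encode("utf-8"), response.encode("utf-8"))


def login_challenge(personal_password: str, user_input) -> bool:
    """Run one complete challenge: choose positions, ask, verify.

    `user_input` is a callable taking the list of positions and returning the
    user's answer, so the same flow can be driven by a prompt or by a test.
    """
    positions = choose_positions(len(personal_password))
    answer = user_input(positions)
    return verify_response(personal_password, positions, answer)


if __name__ == "__main__":
    # Constructed sample matching the page's example: the 5th character of
    # "password" is "w".
    sample_password = "password"
    print("5th character correct:", verify_response(sample_password, [5], "w"))

    # Simulated user who answers every challenge correctly.
    ok = login_challenge(sample_password, lambda pos: expected_answer(sample_password, pos))
    print("full challenge passed:", ok)
```

Because the host must be able to read individual characters of the Personal Password to build each challenge, it cannot store the password as a one-way hash the way a normal login password is stored; the host's own configuration therefore needs to be protected, which is one reason this feature is an extra layer on top of the Windows login rather than a replacement for it.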