Securely implement remote access software
If you use remote access software to access Maitre’D or other components of the payment application you are using, you need to configure its settings to be as secure as possible. Please consult the documentation that came with your remote access software or solution.
Here are some guidelines that will help securing remote access:
Change default settings in the remote access software (for example, change default passwords and use unique passwords for each customer).
Allow connections only from specific (known) IP/MAC addresses. (Also known as MAC Address Filtering)
Use strong authentication and complex passwords for logins (See PA-DSS Requirements 3.1.1 through 3.1.10)
Enable encrypted data transmission according to PA-DSS Requirement 12.1
Enable account lockout after a certain number of failed login attempts (See PADSS Requirement 3.1.8)
Configure the system so a remote user must establish a Virtual Private Network (“VPN”) connection via a firewall before access is allowed.
Enable the logging function.
Restrict access to customer passwords to authorized reseller/integrator personnel.
Establish customer passwords according to PA-DSS Requirements 3.1.1through 3.1.10.