partpricer
IS-IT--Management
I just happened upon this forum. There is a wealth of information here regarding Aloha. Perhaps someone here can answer some questions for me as our dealer is not able. Here is our scenario:
We take PCI compliance very seriously and have our environments tightly locked down. Our Aloha systems run in their own firewalled security zones with the only allowed connection outbound to our payment processor via a SSL connection to a specific IP. This is done through a proxy. There are no inbound connections allowed.
Now, the other day all of our credit and debit card transactions were failing. We went in and looked at the firewalls and saw that the connection to the processor was initiating correctly whenever a payment card transaction was attempted, but there was nothing being sent. We then turned to look at Aloha since nothing had changed in our security environment for about a week.
To make a long story short, after some extensive investigation we have found that Aloha appears to initiate an outbound connection on port 80 to webfarm.alohaenterprise.com periodically. Since we block all connections out of this zone other than the one mentioned above, the connection was failing and after a period of time, the application crippled itself. In an effort to maintain a revenue stream for our business and keep our customers happy, we briefly allowed outbound connections on port 80 from this zone. We saw a quick connection to alohaenterprise.com, then our payment card transactions started processing. We blocked port 80 again and the transactions continue to process. But, we don't know for how long.
So, I have a few questions.
1. What is the purpose of this connection to alohaenterprise.com?
2. How often does it attempt to establish this connection?
3. If this connection is actually needed for the application to function properly, should we allow connections to a specific IP address, a range of IP addresses, or a DNS name?
We take PCI compliance very seriously and have our environments tightly locked down. Our Aloha systems run in their own firewalled security zones with the only allowed connection outbound to our payment processor via a SSL connection to a specific IP. This is done through a proxy. There are no inbound connections allowed.
Now, the other day all of our credit and debit card transactions were failing. We went in and looked at the firewalls and saw that the connection to the processor was initiating correctly whenever a payment card transaction was attempted, but there was nothing being sent. We then turned to look at Aloha since nothing had changed in our security environment for about a week.
To make a long story short, after some extensive investigation we have found that Aloha appears to initiate an outbound connection on port 80 to webfarm.alohaenterprise.com periodically. Since we block all connections out of this zone other than the one mentioned above, the connection was failing and after a period of time, the application crippled itself. In an effort to maintain a revenue stream for our business and keep our customers happy, we briefly allowed outbound connections on port 80 from this zone. We saw a quick connection to alohaenterprise.com, then our payment card transactions started processing. We blocked port 80 again and the transactions continue to process. But, we don't know for how long.
So, I have a few questions.
1. What is the purpose of this connection to alohaenterprise.com?
2. How often does it attempt to establish this connection?
3. If this connection is actually needed for the application to function properly, should we allow connections to a specific IP address, a range of IP addresses, or a DNS name?