Build and Maintain a Secure Network and Systems

The following are recommendations and information for the Build and Maintain a Secure Network and Systems requirements.

Requirement 1: Install and maintain a firewall configuration to protect cardholder data

  • The Omni-Gen products should be installed on an internal (trusted) network segment.
  • Data acquisition channels that bring data into the Omni-Gen on-ramps should be configured through the Demilitarized Zone (DMZ). If the client uses the Information Builders iWay 8 product for integration services on the data acquisition side, the PCI compliance chapter of the iWay 8 documentation provides more information on configuring integration channels within and outside of the DMZ.
  • TCP/IP listener ports are required for the Omni-Gen server and applications to communicate internally and externally. The ports are user-configurable and can be changed during product installation.

Omni-Gen Ports

The following table lists the default Omni-Gen ports and their use.

Component                    Type      Port             Security
---------------------------  --------  ---------------  -----------------
Omni-Gen Controller/Console  external  9500             TLS 1.2
Omni-Gen Server              internal  9514             TLS 1.2
Omni Designer Tomcat         internal  9515             TLS 1.2
Omni Designer Console        external  9516             TLS 1.2
Omni Designer Redirect       internal  9518             TLS 1.2
Omni Designer AJP            internal  9517             Tomcat Config
Omni Designer Bridge         internal  9519             Tomcat Config
Omni Designer EMF            internal  9520             TLS 1.2
Deployment Console           external  9521             none
Deployment Console           external  9502             TLS 1.2
GIT/SVN                      external  80/(8800,8443)   Repository Config
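The following script turns the port table into reviewable host-firewall rules that enforce the segmentation described under Requirement 1. It is an added example, not Information Builders' code; the trusted-segment and DMZ address ranges, the decision to let DMZ sources reach only the ports marked "external", and the iptables syntax are assumptions made here, not settings taken from the product.

```python
"""Derive host-firewall rules from the Omni-Gen default port table.

Added example, not Information Builders' code.  Assumptions (not on the
page): the trusted segment is 10.10.0.0/16, the DMZ is 10.20.0.0/24, ports
marked "internal" accept the trusted segment only, ports marked "external"
also accept the DMZ, and rules are printed in iptables syntax for review.
"""
from dataclasses import dataclass

TRUSTED_NET = "10.10.0.0/16"   # assumed internal (trusted) segment
DMZ_NET = "10.20.0.0/24"       # assumed DMZ hosting the data-acquisition channels


@dataclass(frozen=True)
class Listener:
    component: str
    scope: str        # "internal" or "external", as in the port table
    ports: tuple      # one component may expose several ports (GIT/SVN)
    security: str


# Default ports exactly as listed in the table above.
OMNI_PORTS = (
    Listener("Omni-Gen Controller/Console", "external", (9500,), "TLS 1.2"),
    Listener("Omni-Gen Server", "internal", (9514,), "TLS 1.2"),
    Listener("Omni Designer Tomcat", "internal", (9515,), "TLS 1.2"),
    Listener("Omni Designer Console", "external", (9516,), "TLS 1.2"),
    Listener("Omni Designer Redirect", "internal", (9518,), "TLS 1.2"),
    Listener("Omni Designer AJP", "internal", (9517,), "Tomcat Config"),
    Listener("Omni Designer Bridge", "internal", (9519,), "Tomcat Config"),
    Listener("Omni Designer EMF", "internal", (9520,), "TLS 1.2"),
    Listener("Deployment Console", "external", (9521,), "none"),
    Listener("Deployment Console", "external", (9502,), "TLS 1.2"),
    Listener("GIT/SVN", "external", (80, 8800, 8443), "Repository Config"),
)


def allowed_sources(listener):
    """Internal ports: trusted segment only.  External ports: trusted segment
    plus the DMZ, because that is where the on-ramp channels terminate."""
    if listener.scope == "internal":
        return (TRUSTED_NET,)
    return (TRUSTED_NET, DMZ_NET)


def build_rules(listeners=OMNI_PORTS, allow_cleartext=False):
    """Return iptables INPUT rules (one string per rule) for the listeners.

    Listeners whose Security column is 'none' are skipped unless the caller
    opts in explicitly, so an unencrypted external port is never opened by
    accident.  Default policy is DROP; only listed ports are accepted."""
    rules = [
        "iptables -P INPUT DROP",
        "iptables -A INPUT -i lo -j ACCEPT",
        "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for lst in listeners:
        if lst.security == "none" and not allow_cleartext:
            continue
        for port in lst.ports:
            for src in allowed_sources(lst):
                rules.append(
                    f"iptables -A INPUT -p tcp -s {src} --dport {port} "
                    f"-m conntrack --ctstate NEW -j ACCEPT "
                    f"-m comment --comment \"{lst.component}\""
                )
    return rules


def sources_for_port(port, rules):
    """Source CIDRs from which a port is reachable under the generated rules."""
    return {r.split(" -s ")[1].split()[0] for r in rules if f"--dport {port} " in r}


if __name__ == "__main__":
    print("\n".join(build_rules()))
```

Run it and diff the output against the rules actually loaded on the host; the Deployment Console on 9521 is deliberately absent unless `allow_cleartext=True` is passed, which makes the unencrypted listener a conscious decision rather than a default.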

Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Omni-Gen consists of several components. It is strongly advised to change all default credentials to credentials that the client controls and maintains.

The user is advised not to install any unrelated components, scripts, JAR files, or other files on the production systems beyond those required for the product to run. The client is also advised to disable any Omni components not in use, to prevent accidental and unintended access.

  • Omni-Gen Server Console. This is used for operations and monitoring. It is meant for the internal operations user and not for external communication. The console can be disabled if needed, and other operations-monitoring components used instead. The user is advised to change the default login for the Omni-Gen Server Console, regardless of whether they plan to use this component.
  • Omni Designer. This is a developer tool for creating a model and is required only at development time. Omni Designer should not be running in a production environment. It integrates with the source management system (SVN/GIT), which provides user access.
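The audit below checks a production host against the three points made in this requirement: Omni Designer must not be listening, the unencrypted external listener from the port table should be disabled, and default credentials must be gone. It is an added example, not Information Builders' code; the listening-socket snapshot, the setting names (console.user, console.password) and the list of "vendor default" values are constructed placeholders, because the page does not state the product's actual defaults or configuration keys.

```python
"""Production-readiness audit for an Omni-Gen host (Requirement 2).

Added example, not Information Builders' code.  The socket snapshot, the
credential setting names and the PLACEHOLDER_DEFAULT_CREDENTIALS values are
constructed; replace the placeholders with the defaults from the product's
install guide before using this against a real host.
"""

# Ports from the table in Requirement 1, grouped by what the audit cares about.
DESIGNER_PORTS = {9515, 9516, 9517, 9518, 9519, 9520}   # Omni Designer: development-time only
CLEARTEXT_EXTERNAL_PORTS = {9521}                       # Deployment Console, Security: none
KNOWN_PORTS = {9500, 9514, 9502, 80, 8800, 8443} | DESIGNER_PORTS | CLEARTEXT_EXTERNAL_PORTS

# Placeholder values standing in for the real vendor defaults (not on the page).
PLACEHOLDER_DEFAULT_CREDENTIALS = {"admin", "password", "changeme"}

# Constructed snapshot of a production host: TCP ports bound (as one would
# collect from `ss -tln`) and a few credential settings from its config.
SAMPLE_LISTENING = {22, 9500, 9514, 9516, 9521, 8080}
SAMPLE_CREDENTIALS = {
    "console.user": "opsadmin",
    "console.password": "changeme",                 # still the placeholder default
    "server.password": "S3cure-long-passphrase",    # already rotated
}


def audit(listening_ports, credentials, environment="production", baseline_ports=frozenset({22})):
    """Return a list of (severity, message) findings; an empty list means clean.

    listening_ports: TCP ports bound on the host.
    credentials:     mapping of setting name -> value.
    baseline_ports:  OS services expected on every host (assumed: SSH only),
                     so they are not reported as unrelated components."""
    findings = []
    for port in sorted(listening_ports):
        if environment == "production" and port in DESIGNER_PORTS:
            findings.append(("high", f"port {port}: Omni Designer is listening on a production host"))
        if port in CLEARTEXT_EXTERNAL_PORTS:
            findings.append(("high", f"port {port}: external listener without TLS; disable it or use the TLS port"))
        if port not in KNOWN_PORTS and port not in baseline_ports:
            findings.append(("medium", f"port {port}: not an Omni-Gen port; unrelated component installed?"))
    for name, value in credentials.items():
        if "password" not in name.lower():
            continue
        if not value:
            findings.append(("critical", f"{name}: empty password"))
        elif value in PLACEHOLDER_DEFAULT_CREDENTIALS:
            findings.append(("critical", f"{name}: still set to a vendor default"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(SAMPLE_LISTENING, SAMPLE_CREDENTIALS):
        print(f"[{severity}] {message}")
```

Against the constructed snapshot the audit reports four findings: Omni Designer Console on 9516, the cleartext Deployment Console on 9521, an unexpected listener on 8080, and the unchanged console password. Running the same function with `environment="development"` suppresses only the Designer finding, which matches the page's point that Designer is legitimate at development time and wrong in production.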