[GRLUG] PCI v1.2 Compliance.

Colin Vallance grlug at tankrip.com
Wed Dec 10 15:47:47 EST 2008


Greg,

What industries are using that right now?  That could have a huge  
impact on the "pain-in-the-ass" level of my job.

On Dec 10, 2008, at 3:21 PM, Greg Folkert wrote:

> All I can say is *IT SUCKS*.
>
> Effectively, you have to be running an IDS at all times for all network
> traffic.
>
> Also have to be running Anti-Virus on Linux machines that even "look
> like they might have CHD" near them.
>
> Also have to have logging (transactional and logins and traffic) going
> back for 90 days minimum.
>
> You are forced to have a "comprehensive" application firewall setup
> (like mod_security2 for Apache2) that actively blocks all "known"
> exploits and prevents common practices. This effectively eliminates *ANY*
> CMS transaction handling of *ANY* card holder data.
> SOAP/XML/Streaming/AJAX virtually non-usable now unless fully double
> encrypted in both directions with unique keys on a regularly updated
> process.
>
> Disk Encryption for most everything application related must be used,
> goodbye NFS anything.
>
> NO WIRELESS PERIOD. WPA2 suspect now and likely to become non-allowed
> shortly.
>
> FYI, these are just a few of the things we have been told etc...
> -- 
> greg at gregfolkert.net
> PGP key 1024D/B524687C 2003-08-05
> Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
> Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
> Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2