[GRLUG] PCI v1.2 Compliance.
Colin Vallance
grlug at tankrip.com
Wed Dec 10 15:47:47 EST 2008
Greg,
What industries are using that right now? That could have a huge
impact on the "pain-in-the-ass" level of my job.
On Dec 10, 2008, at 3:21 PM, Greg Folkert wrote:
> All I can say is *IT SUCKS*.
>
> Effectively, you have to be running an IDS at all times for all
> network traffic.
>
> Also have to be running Anti-Virus on Linux machines that even "look
> like they might have CHD" near them.
>
> Also have to have logging (transactional and logins and traffic) going
> back for 90 days minimum.
>
> You are forced to have a "comprehensive" application firewall setup
> (like mod_security2 for Apache2) that actively blocks all "known"
> exploits and prevents common practices. This effectively eliminates
> *ANY* CMS transaction handling of *ANY* card holder data.
> SOAP/XML/Streaming/AJAX virtually non-usable now unless fully double
> encrypted in both directions with unique keys on a regularly updated
> process.
>
> Disk Encryption for most everything application related must be used,
> goodbye NFS anything.
>
> NO WIRELESS PERIOD. WPA2 suspect now and likely to become non-allowed
> shortly.
>
> FYI, these are just a few of the things we have been told etc...
> --
> greg at gregfolkert.net
> PGP key 1024D/B524687C 2003-08-05
> Fingerprint: E1D3 E3D7 5850 957E FED0 2B3A ED66 6971 B524 687C
> Alternate Fingerprint: 09F9 1102 9D74 E35B D841 56C5 6356 88C0
> Alternate Fingerprint: 455F E104 22CA 29C4 933F 9505 2B79 2AB2
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
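One of the requirements quoted above is logging that goes back at least 90 days. The following shell script is an added example, not code from either poster or from the GRLUG list: it checks whether a log directory actually holds history that old, by looking for any file whose modification time is at least the required number of days in the past. The directory path and the 90-day default are assumptions taken from the message; point it at your own log tree (for example the Apache access and audit logs).

```shell
#!/bin/sh
# Added example (not from the original thread): verify that a log
# directory retains at least N days of history (default 90, the minimum
# quoted in the message above). The directory you pass is an assumption.

# log_retention_ok DIR [DAYS]
# Returns 0 when at least one regular file under DIR is DAYS or more days
# old, 1 otherwise. find's -mtime +N matches files modified more than
# N*24h ago, so +$((DAYS-1)) selects everything at least DAYS days old.
log_retention_ok() {
    dir=$1
    days=${2:-90}
    [ -d "$dir" ] || return 1
    n=$(find "$dir" -type f -mtime +$((days - 1)) 2>/dev/null | wc -l)
    [ "$n" -gt 0 ]
}

# log_file_count DIR
# Prints how many regular files are under DIR (handy when a rotation
# policy has silently stopped rotating and only one live log remains).
log_file_count() {
    find "$1" -type f 2>/dev/null | wc -l | tr -d ' '
}

# Command-line use: sh check_retention.sh /var/log/httpd [days]
if [ $# -ge 1 ]; then
    want=${2:-90}
    if log_retention_ok "$1" "$want"; then
        echo "OK: $1 holds at least $want days of logs ($(log_file_count "$1") files)"
    else
        echo "FAIL: $1 has no log file $want or more days old" >&2
        exit 1
    fi
fi
```

Run it from cron against each directory that holds transaction, login and traffic logs; a non-zero exit means rotation has dropped below the retention floor and should be treated as a compliance finding, not just a disk-space event. The check deliberately uses only POSIX `find`, `wc` and `sh` so it runs on a minimal server without extra packages.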