[GRLUG] PCI v1.2 Compliance.

Rick Vargo rick at vargo.org
Wed Dec 10 16:00:29 EST 2008


If you take a credit card online, you must be compliant and be tested
quarterly. There is a huge fine if you are not tested compliant and they
will take away your ability to accept credit cards.

Rick


Colin Vallance wrote:
> Greg,
>
> What industries are using that right now?  That could have a huge  
> impact on the "pain-in-the-ass" level of my job.
>
> On Dec 10, 2008, at 3:21 PM, Greg Folkert wrote:
>
>   
>> All I can say is *IT SUCKS*.
>>
>> Effectively, you have to be running an IDS at all times for all network
>> traffic.
>>
>> Also have to be running Anti-Virus on Linux machines that even "look
>> like they might have CHD" near them.
>>
>> Also have to have logging (transactional and logins and traffic) going
>> back for 90 days minimum.
>>
>> You are forced to have a "comprehensive" application firewall setup
>> (like mod_security2 for Apache2) that actively blocks all "known"
>> exploits and prevents common practices. This effectively eliminates *ANY*
>> CMS transaction handling of *ANY* card holder data.
>> SOAP/XML/Streaming/AJAX virtually non-usable now unless fully double
>> encrypted in both directions with unique keys on a regularly updated
>> process.
>>
>> Disk Encryption for most everything application related must be used,
>> goodbye NFS anything.
>>
>> NO WIRELESS PERIOD. WPA2 suspect now and likely to become non-allowed
>> shortly.
>>
>> FYI, these are just a few of the things we have been told etc...
>> -- 
>> greg at gregfolkert.net
>> PGP key 1024D/B524687C 2003-08-05
>> Fingerprint: E1D3 E3D7 5850 957E FED0  2B3A ED66 6971 B524 687C
>> Alternate Fingerprint: 09F9 1102 9D74  E35B D841 56C5 6356 88C0
>> Alternate Fingerprint: 455F E104 22CA  29C4 933F 9505 2B79 2AB2
>> _______________________________________________
>> grlug mailing list
>> grlug at grlug.org
>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
>>     
>

