Security Basics mailing list archives
Re: 3 PCI questions that bother me
From: Matt - MRS Security <matt () mrssecurity com>
Date: Fri, 12 Dec 2008 16:43:07 +0000
Mattias Hemmingsson wrote:
Hi,

PCI question number one: We had a profence web proxy on a separate server, but the profence did something to the traffic so we had to remove it. And now to the question: PCI says one primary function per server. Can you run Apache, GlassFish and mod_security on the same server? Both Apache and GlassFish handle HTTP requests, so there I think I'm safe. But mod_security on the same server as the web server? Anyone doing the same thing?

PCI question number two: If one of my firewalls dies, I have to destroy it so that nobody can retrieve any data from the firewall. But if I destroy it, no warranty is valid, so how do you solve this?

PCI question number three: We are thinking of using our RADIUS server to handle all our logins to the servers. We are using OTPs that are generated by this small "thing" I have with my keys. So if I use this OTP to log in to every server, what do you think of this? And is it a problem with the password rules?

// Matte
1) No problems. If concerned, query it with your PCI QSA.
2) Why are you storing CHD on a firewall? Just blank it, reload firmware and start again.
3) No problems with OTP. As long as every user has an account, you do not share accounts, you have strong passwords, and the RADIUS server is secure and you can prove this.
What does your QSA say? Btw, this is a recommendation for you to consider! Thanks.