Security Basics mailing list archives
Re: PCI question - anonymous users from uploading files
From: "Lyle Worthington" <lyleworthington () gmail com>
Date: Thu, 17 Jan 2008 11:17:28 -0600
I agree with Jason - if your FTP server does not house any CC data or have network access to any server that houses CC data then you will probably be able to get an exception to 8.5.8. You must be able to document what is on the FTP server and what security measures you have in place to restrict the FTP server from accessing any network resources where CC data might be stored or transmitted. You also should be able to demonstrate that you are staying up on patches for your FTP server and FTP software, and that you can produce and also monitor actively the firewall logs and server logs for your network. If your FTP server allows anonymous access then it is probably public, so put it in a DMZ, and follow requirement 1 as well.

On Jan 15, 2008 8:58 AM, J. Lion <jv4l1n4 () gmail com> wrote:
> Is there a PCI requirement for preventing anonymous users from uploading files (non PAN related files, like images or catalog data)?