PCI compliance... what are you using?

Hi chaps

Trying to help a customer get through this. One of the specs says file integrity monitoring software? I guess something that has the ability to hash an executable and monitor it for changes? What do you use?

Also, network intrusion, any recommended appliances? They run an appliance with basic snort but just wondering what else is out there. Need to be able to keep logs for a year, reporting, usual stuff.
 
I was thinking of scripting something with md5sum; was hoping for something a little more elegant though :)

Code:
2.2.1 Implement only one primary function per server.

Whaaaa! It's an SBS box :p

I suppose the get out clause here is primary. It has one primary function and 63 secondary functions.
 
MD5 sum checking is how our tripwire-like script works; on a unix box it's lightning fast, I was shocked how quickly it does the entire drive. On windows I guess you can just turn on access logging for the affected folders and then promise to check the event logs...

The one primary function rule is actually a good one in my opinion, I wouldn't knowingly buy anything from someone who was processing my credit card data on an SBS box...

You probably wouldn't send your CC details in a plaintext email either!!! :o :(
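A minimal version of the tripwire-like hashing script the posters describe, written as an added example for this thread rather than taken from it. It swaps sha256sum in for md5sum, assumes GNU coreutils (find -print0, sort -z, xargs -0 -r, sha256sum) and POSIX awk, and leaves the choice of baseline location to the caller.

```shell
#!/bin/sh
# Added example: a tripwire-like integrity checker in the spirit of the
# md5sum script described in the thread. sha256sum replaces md5sum because
# MD5 collisions are cheap to produce. Assumes GNU coreutils and POSIX awk.
# Keep the baseline off the monitored host (or on read-only media) so that
# whoever alters a binary cannot also rewrite the record of what it hashed to.

# hash_tree DIR: one "<sha256>  <path>" line per regular file, sorted by path.
hash_tree() {
    find "$1" -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum
}

# fim_baseline DIR BASELINE: record the current state of DIR into BASELINE.
fim_baseline() {
    hash_tree "$1" > "$2"
}

# fim_check DIR BASELINE: compare DIR against BASELINE. Prints one line per
# change (ADDED / MODIFIED / REMOVED <path>) and returns 1 if anything
# drifted, 0 if the tree still matches. The path starts at column 67 of a
# sha256sum line (64 hex chars + two spaces), so paths with spaces survive.
fim_check() {
    dir=$1 base=$2
    cur=$(mktemp) || return 2
    hash_tree "$dir" > "$cur"
    changes=$(awk '
        FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }   # baseline
        {
            p = substr($0, 67); seen[p] = 1
            if (!(p in old))        print "ADDED    " p
            else if (old[p] != $1)  print "MODIFIED " p
        }
        END { for (p in old) if (!(p in seen)) print "REMOVED  " p }
    ' "$base" "$cur" | LC_ALL=C sort)
    rm -f "$cur"
    [ -z "$changes" ] && return 0
    printf '%s\n' "$changes"
    return 1
}

# Typical use (hypothetical paths, chosen for illustration only):
#   fim_baseline /path/to/bin /mnt/readonly/fim/bin.sha256
#   fim_check    /path/to/bin /mnt/readonly/fim/bin.sha256
```

Run fim_check from cron and alert on a non-zero exit; re-run fim_baseline only after a change you have verified, otherwise the baseline quietly absorbs the drift.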
 