19th November 2008
ddekok
PCI DSS Compliance

I'm in the process of bringing a few FreeBSD servers up to speed with PCI DSS Requirements.

While I have already implemented some of the requirements, I'm curious about what tools and strategies have been applied to this situation.

For instance, I need a web application firewall (intrusion detection/prevention) of some sort. I'm at a crossroads here, mod_security or snort or ... ?

Basically, I'm lacking knowledge in this area, and can't seem to find anything that isn't a sale or regurgitation of the standards.

A bit of background -- this is for a small web development company, with 3 servers (two production, one development). We have a couple of custom web applications, one of which requires ecommerce and is driving this effort, and a handful of Drupal/WordPress sites. This will have to be a DIY thing as we don't have funds for fancy network appliances and such.

This is something I would rather not learn from trial and error.

Thanks.