DaemonForums  

#1 - 10th July 2008 - dk_netsvil (Devon)

Payment Card Industry compliance scanning

Payment Card Industry (PCI) scans are something I get to deal with every day where I am responsible for a data center with a high concentration of e-commerce webservers. For those who have yet to experience this phenomenon, allow me to explain a little about PCI scans. For an online retailer using, for example, Visa services, it is a requirement to submit your website to periodic PCI evaluations or else risk falling out of favor with, in this example, Visa. So you sign up with a service, there are many available, and your website is analyzed on many different levels to determine potential security vulnerabilities. These range from known weaknesses in different versions of Apache, MySQL, PHP, OpenSSH, OpenSSL, Java, etc. Some of these scans return relatively simple information - your Apache version has a known vulnerability, solution: upgrade to version X.

Other scans are so generalized as to be useless - better to send me an email telling me I might as well just spin a wheel and guess.

From a practical administration perspective I appreciate that card companies are attempting, through the mechanism of the PCI scan, to reduce fraud and ultimately improve the name of online credit card processing. And, as an admin, I am well aware that one means of ensuring a high level of compliance is periodically scanning these servers to ensure they are secure. On the other hand, when I get these useless vague scan reports I wonder if it's not also kind of a scam, especially when I call and they are either unwilling to discuss how the scan result came to be determined or if it's something they can't repeat.

Any thoughts?