I'm in the process of bringing a few FreeBSD servers up to speed with PCI DSS Requirements.
While I have already implemented some of the requirements, I'm curious about what tools and strategies have been applied to this situation.
For instance, I need a web application firewall (intrusion detection/prevention) of some sort. I'm at a crossroads here: mod_security or snort or ... ?
Basically, I'm lacking knowledge in this area, and can't seem to find anything that isn't a sale or regurgitation of the standards.
A bit of background -- this is for a small web development company, with 3 servers (two production, one development). We have a couple of custom web applications, one of which requires ecommerce and is driving this effort, and a handful of Drupal/WordPress sites. This will have to be a DIY thing as we don't have funds for fancy network appliances and such.
This is something I would rather not learn from trial and error.
Thanks.