• PCI compliance for e-commerce website on Rackspace cloud servers

    We're making an e-commerce website that's going to be in Rackspace cloud servers. Are there any requirements in regards to PCI compliance? As long as we have a working SSL certificate, along with not storing credit card info...we should be all set right? Thank you.

    ITKE (364,320 points)
  • OpenSSH on OS X for PCI compliance

    Our current version of OpenSSH on OS X is not PCI compliant. We need to upgrade it but it hasn't been working well. I did this first: brew tap homebrew/dupes brew install openssh It worked but when I tried which ssh, I get this: /usr/local/bin/ssh That's fine too but our Port 22 is still using the...

    ITKE (364,320 points)
  • ASP.NET membership provider for PCI compliance

    Hello, I've noticed over the past few weeks that my ASP.NET membership provider / tables isn't PCI compliant. I'm wondering if anyone has implemented the provider that's PCI compliant. Does anyone have some experience? Thanks!

    ITKE (364,320 points)
  • PCI audit for domain administrators

    Our client is currently a Tier 1 PCI company and our auditor made a suggestion in regards to us as System Administrators / access rights. Right now, our entire Windows infrastructure is about 700 desktops and 80 servers, along with 10 domain controllers. Now, they're saying we should move to a...

    ITKE (364,320 points)
  • Is my web application PCI compliant?

    We have a web application and it receives credit card information that's transmitted through a POST request by a web browser over HTTPS. It also opens a socket to our remote PCI compliant card processor to forward the data and wait for a response. Is that PCI compliant? Thank you!

    ITKE (364,320 points)
  • PCI compliant for my payment gateway

    I've been thinking about using eWay for my payment gateway. But it offers two options: A user can either type in their credit card information on the hosted website or they can use my own form / send the data through my server to the back end. I'm leaning towards using the second option. I spoke to...

    ITKE (364,320 points)
  • PCI DSS restrictions for source code repository management

    Are there any restrictions when it comes to source code repository management under PCI DSS? This is related to our credit card processing service for clients. Thanks!

    ITKE (364,320 points)
  • PayPal link: Is it PCI compliant?

    We're trying to build a website using Payflow link, where credit card processing is handled on PayPal hosted pages. But I'm thinking of implementing the advanced integration method, where our customers input their info on a form by my server. The form then gets posted over SSL directly to PayPal's...

    ITKE (364,320 points)
  • How to make my website PCI compliant

    Here's what I have: I'm using a payment gateway for my website and so I provide my own credit card details form and send data to the back end through XML. Should I need to worry about PCI compliance? As long as my website is on SSL, I don't have to worry right? Thanks!

    ITKE (364,320 points)
  • Virtualization segmentation in ESXi for PCI compliance

    As of right now, my organization is PCI DSS compliant but we learned that it's a big no-no if we tried to mix in-scope and out-of-scope systems. We also saw that PCI leaders said this regarding scopes in a virtual environment. The level of segmentation required for in-scope and out-of-scope systems...

    ITKE (364,320 points)
  • DDoS mitigation for Windows Server 2008 R2

    We are doing our PCI compliance scans and our Windows Server 2008 R2 was hit by a Nessus Plugin ID. Should I be worried? It has DDoS in the title so that scares me. Here's what it says: Plugin ID: 35450 Name: DNS Server Spoofed Request Amplification DDoS Synopsis: The remote DNS server could be...

    ITKE (364,320 points)
  • Achieve level 1 PCI compliance on AWS

    Does anyone know if I can reach level 1 merchant PCI compliance on AWS? We've been evaluating several of our services and our auditor said AWS hasn't been cooperative so they moved to Rackspace. Thank you very much!

    ITKE (364,320 points)
  • Would psexec cause a failure in a PCI DSS compliance scan?

    I'm hoping someone can shed some light on my question: Would psexec cause a failure in a PCI DSS compliance scan? I've been told that it can't be used by administrators in the CDE. Thanks so much.

    ITKE (364,320 points)
  • PCI compliance issues on MySQL database

    We use Stripe to process credit card information / store client's payments in our MySQL database. We only store the ID of transaction and the client ID. And Stripe controls the PCI compliance issues. We also isolate payments to a single box that hosts the database and payment site. Now, here's our...

    ITKE (364,320 points)
  • Get SMTP Port 25 to be PCI compliant

    We're running a PCI compliance scan on our server and it keeps failing on port 25 with this message: SSL Server Supports Weak Encryption nCircle ID: 6174 Port: 25 CVSS Score: 5.8 Not Compliant Description The SSL (Secure Socket Layer) Server supports weak encryption keys, which are defined as...

    ITKE (364,320 points)
  • PCI scan failure for SSL certificate

    We did a PCI scan for one of our clients and it says they failed due to the SSL certificate, for SMTP Port 25, not matching the domain scanned. Here's what it said: Description: SSL Certificate with Wrong Hostname Synopsis: The SSL certificate for this service is for a different host. Impact: The...

    ITKE (364,320 points)
  • PCI compliance for Magento that’s running on CentOS

    Over the past few weeks, I've been trying to get PCI compliance through Trustwave's vulnerability scanner. We're using Magento that's running on CentOS. Here's the issue we have: The version of PHP running on this host is prone to a stack-based buffer overflow in the socket_connect function in...

    ITKE (364,320 points)
  • Cisco router vulnerability in PCI compliance scan

    I recently got a Cisco small business router and our PCI compliance scan flagged it as being vulnerable to a CCS injection/man-in-the-middle. From what I'm looking at, it looks like an OpenSSL vulnerability. I have the latest firmware installed but I can't wait around for Cisco to fix this. Should I...

    ITKE (364,320 points)
  • OpenSSH upgrade on web server for PCI compliance

    For the past few weeks, we've been trying to upgrade our OpenSSH for PCI compliance reasons on our organization's web server. However, we can't figure out how to do it. Here's what we tried so far: # sudo apt-get install openssh-server openssh-client Reading package lists... Done Building...

    ITKE (364,320 points)
  • Timeout SSH sessions after inactivity for PCI compliance

    For PCI DSS requirements, if a session is idle for more than 15 minutes, the user will have to re-authenticate to re-activate the terminal or session. So, because of this, we had to deal with SSH sessions that are idling at the bash prompt by enforcing a global $TMOUT of 900. But we realized that...

    ITKE (364,320 points)
