• AWS: PCI DSS – file integrity monitoring

    I have to deploy some file integrity monitoring  / intrusion detection software on our AWS instances. We wanted to use OSSEC but we realized it doesn't work well in our environment (our servers auto deploy and shut down based on load). What should we use that covers PCI DSS on AWS (hopefully it's...

    ITKE364,045 pointsBadges:
  • Timeout SSH sessions after inactivity for PCI compliance

    For PCI DSS requirements, if a session is idle for more than 15 minutes, the user will have to re-authenticate to re-activate the terminal or session. So, because of this, we had to deal with SSH sessions that are idling at the bash prompt by enforcing a global $TMOUT of 900. But we realized that...

    ITKE364,045 pointsBadges:
  • Is there a payment gateway that doesn’t require PCI compliance?

    Recently, I've been looking to use Authorize.NET (CIM and DPM solutions). However, we can't reference a CIM profile in the DPM. Basically, I need to become PCI compliant because this handles credit cards. Here's my question: Is there something similar to Authorize.NET that allows our site to never...

    ITKE364,045 pointsBadges:
  • Apache SSLCipherSuite continues to fail in PCI compliance scan

    We have a Fedora server that's running on Apache to pass a PCI DSS compliance scan by McAfee. Here's what we used for the default SSLCipherSuite and SSLProtocol. SSLProtocol ALL -SSLv2 SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP So it failed because of weak ciphers. We changed it...

    ITKE364,045 pointsBadges:
  • OST files

    We are migrating users from one exchange server to another. the users sit in remote sites and use very slow links to connect to the exchange server. Is it possible to use the old ost on the pc for the new exchange server instead of recreating the ost with the new exchange server, which can take...

    PaulBone10 pointsBadges:
  • PCI compliance: Disable AUTH on Port 25

    Due to PCI compliance, we have to disable plaintext authentication. We were able to do this through encapsulating communications between our mail server and clients with TLS on port 465. Here's where the problem is: Port 25 has to remain open / unencrypted for us to receive mail, but it shouldn't...

    ITKE364,045 pointsBadges:
  • Use IMEI to retrieve present phone number

    Please, I need a solution or tool to help me use IMEI to retrieve present phone number, and geolocate my lost phone. I will be very grateful if any body can help.

    mariyom5 pointsBadges:
  • Should I worry about my POS system terminal for PCI compliance?

    I've been getting into PCI DSS lately (because my organization asked me too). Our company accepts payments using a POS terminal that's connected to the Internet though the office LAN. Our terminal isn't integrated with any payment processing apps, just paper receipts. Should I worry about PCI...

    ITKE364,045 pointsBadges:
  • PCI DSS: Enforce password management for ASP.NET

    I've been working on our PCI DSS assessment. I already know that passwords must be changed every 90 days / different than previous passwords. But I'm not sure if this is for access to the server or to the app we provide to users on the server. If it's the second part, can we enforce this in ASP.NET...

    ITKE364,045 pointsBadges:
  • Is there a non-US PCI compliant service that stores credit card info?

    We're working on a website that would allow our users to pay with their credit cards. We're outside of the country so we can't use a normal merchant account (like Braintree). Does anyone happen to know of a credit card service that would allow us to store credit card info and access them through an...

    ITKE364,045 pointsBadges:
  • Storing a shipping address for PCI compliance

    From what I understand, storing a shipping address would be okay for PCI compliance right? Do configuration standards include requirements for a firewall at each Internet connection? Is there a process for approving and testing all external network connections? I'm leaning towards no but I need to...

    ITKE364,045 pointsBadges:
  • Where can I learn the basics of information security?

    Hi, I'm 16 years old and I was thinking about following a career in information security and I just can't find any good place to teach me the basics of this and school doesn't help me at all cause we are not teached anything like that. Thanks for your time and have a good day!

    Andrei265 pointsBadges:
  • I forget my password

    How can I reset my password

    loriandskip3215 pointsBadges:
  • How to use payment gateway integration to avoid PCI compliance

    My client has an e-commerce which accepts payments through a payment gateway integration that transfers the control to payment gateways. But it knows that it needs to be PCI compliant for accepting credit card information. Instead, could our client use stripe payment gateway / integration that it...

    ITKE364,045 pointsBadges:
  • Cross-site scripting issue for PCI compliance

    For one of our client's websites, they're trying to pass PCI compliance test but the testing company notified us of a vulnerability that we can't figure out. Here's what they told us: The issue here is a cross-site scripting vulnerability that is commonly associated with e-commerce applications....

    ITKE364,045 pointsBadges:
  • Will IIS 7 automatically use SSL 3.0?

    We're running a Windows Server 2008 with IIS 7. I need to use SSL 3.0 for our PCI compliance but from what I was told, we should disable SSL 2.0. But if I need to do this, will IIS automatically use SSL 3.0? Thanks!

    ITKE364,045 pointsBadges:
  • Best solution for PCI DSS compliance

    We're currently comparing solutions for PCI DSS compliance including: Splunk, RSA enVision, ArcSight, etc. But we're not sure what to do with. Has anyone had any experience with these programs? Our PCI system is a small segmented network with 5 hosts and our machines will be running Linux. Thanks!

    ITKE364,045 pointsBadges:
  • SQL Server rotation of keys for PCI compliance

    I understand that PCI compliance requires annual rotation of keys. So, I have 16 databases across 3 servers (with multiple tables in each database). And it's going to get bigger. If I did this manually, it would make my data unreadable. Is there a software to do this?

    ITKE364,045 pointsBadges:
  • Website monitoring suggestions?

    Suggestions for website monitoring? Is there something that monitors for security vulnerabilities?

    NewnanIT1,110 pointsBadges:
  • What’s a good open source static source code analysis tool?

    My department needs an open source static source code analysis tool that's going to be used for security testing on an Android app. We need to make sure the app is PCI compliant. Anyone know of a software that we can use for this?

    ITKE364,045 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following