Anti Virus and PCI Compliance

Last year PCI DSS 1.2 was released changing the intent of the controls required for anti-virus software. In version 1.1 anti-virus software was only required for systems commonly affected by viruses and excluded UNIX based operating systems and mainframes. Version 1.2 now requires all operating system types commonly affected by malicious software be protected and removes the exclusion for UNIX and mainframes. These changes now open the requirement for protection from “malicious software” such as worms, trojans, adware, spyware or any “malicious software”. (more…)

InterWorx Hosting Control Panel 4.1.0 Upgrade

The dedicated team at InterWorx has released Hosting Control Panel 4.1.0.

This is the first release of the 4.x series that will be automatically applied to all current InterWorx servers, versions 3 and higher. All InterWorx servers that have auto-updates enabled can and should receive this update.

Kerio MailServer for Windows 7

On October 7, ServerWatch covered Kerio MailServer’s certification for Windows 7 and Mac OS X 10.6. “Kerio’s groupware extension of Microsoft Outlook, Kerio Outlook Connector, is also updated for Windows 7…In addition to Windows 7 support, Kerio added support for Mac OS X 10.6 Snow Leopard, iPhone 3.1 and iPod Touch 3.1.1 in late September.”

Allow Kerio Mail Server Support for Any ActiveSync-Enabled Mobile Device

Most modern mobile devices are capable of synchronizing email, contacts, calendars, and tasks “over-the-air” via the Microsoft ActiveSync protocol. Since November of 2006, Kerio MailServer has been able to synchronize with most mobile devices which support the ActiveSync protocol. As a measure of quality assurance, any new device which implements the ActiveSync protocol must be thoroughly tested against Kerio MailServer before it is officially supported. This means that Kerio MailServer maintains an internal list of officially supported devices, and any device not in this list will be denied synchronization.

PCI Compliant Hosting – Are you sure your host knows what PCI is and what they are selling?

I recently had a discussion with a potential customer on why they should work with ZZ Servers instead of one of the now hundreds of other hosting providers offering PCI “compliant” hosting services. After spending the last 5 years doing PCI Level 1 validations I have run into many areas that hosting providers just do not get PCI and what hosting providers need to know to provide secure & compliant hosting. I have also been able to compile a list of questions that I can use to determine if they are just trying to sell a service or really provide a PCI solution.