Posts Tagged: PCI

PCI DSS and SSL v 3

With widespread and disastrous SSL/TLS vulnerabilities such as POODLE and FREAK, SSL and early TLS versions are no longer considered strong cryptography, and any web site that still uses them is insecure. According to the new rules in PCI DSS v3.1, companies have until June 30, 2016 to update to a more recent…

Server cabinet door alarm

The first step in securing servers is to ensure that they are physically as secure as possible and then monitored for unauthorized access. Many times, when setting up servers in a small office or co-location facility, people have their systems in a locking cabinet within a moderately secured physical building. However, a determined…

Anti Virus and PCI Compliance

Last year PCI DSS 1.2 was released, changing the intent of the controls required for anti-virus software. In version 1.1, anti-virus software was only required for systems commonly affected by viruses, which excluded UNIX-based operating systems and mainframes. Version 1.2 now requires all operating system types commonly affected by malicious software be protected and…

Amazon confirms EC2/S3 does not meet PCI guidelines

If your business requires PCI-compliant hosting services because you store, transmit or process cardholder data, hosting in the cloud may not be for you. Most cloud providers do not have the controls or processes in place to protect sensitive cardholder data or the willingness to enter into required business arrangements with merchants. Because of…