Pci-dss

[JonoB]

Arggg, dreaded PCI-DSS questionnaire

Driving me crazy....

Example:

Quote:

2.6 Is only one primary function implemented per server? (SAQ #2.2.1)

The "one primary function" rule applies to all servers that are in-scope and it must be part of the written configuration standard. Multiple primary functions (like: "web server", or "authentication server") cannot be running on a single system.

So what implications does this have for my dedicated server that runs webserver, database, etc?

[Rock]

Quote:

Originally Posted by JonoB

Arggg, dreaded PCI-DSS questionnaire

Driving me crazy....

Example:

Quote:

So what implications does this have for my dedicated server that runs webserver, database, etc?

Hi,

Whom is this PCI-DSS scanning being done from? ie: Cisco, Verizon? They are the strictest ones when it comes to such scanning. A more relaxed but valued scanning method can be performed from Hacker Guardian, McAfee, Comodo, etc. There are other vendors too which provide free PCI compliance scanning for your website/servers.. Regarding this query of having "one primary function" or one service per server, it's not mandatory & you can safely ignore it if it isnt listed as a Critical issue with the server security..

[RuthSam]

Does hackerSafe is offering free PCI scanning, I contacted them and they asked for roughly $1700... if you have a link for the free service it would be appreciated.

[Rock]

Quote:

Originally Posted by RuthSam

Does hackerSafe is offering free PCI scanning, I contacted them and they asked for roughly $1700... if you have a link for the free service it would be appreciated.

Did you try McAfee or HackerGuardian yet?

[RuthSam]

Sorry not yet, have been looking at McAfee, however, they are also not free as far as I know.

I'm in general not a big believer of Free PCI security scans, have been taking a trial with our current host which offered it for $50 compared to qualys who charge 10 times the fee I must say you also get 10 times the service and security level.

Anyway, I'm on to try some of the free services just to compare them and check if they are really doing what they say they do.