On 25 Aug 2009 14:14:56 -0700,
hmerr...@jackhenry.com (Hal Merritt) wrote:
>VPN is a good solution, but not PCI compliant.
That statement just doesn't make sense, and even verges on being
factually incorrect. The current PCI DSS document, version 1.2.1,
_explicitly_ mentions VPN as an approved technology:
2.3 Encrypt all non-console administrative access. Use technologies
such as SSH, VPN, or SSL/TLS for webbased management and other
non-console administrative access.
8.3 Incorporate two-factor authentication for remote access
(network-level access originating from outside the network) to
the network by employees, administrators, and third parties. Use
technologies such as remote authentication and dial-in service
(RADIUS); terminal access controller access control system
(TACACS) with tokens; or VPN (based on SSL/TLS or IPSEC) with
individual certificates.
--
Eric Chevalier E-mail: et...@tulsagrammer.com
Web: www.tulsagrammer.com
Is that call really worth your child's life? HANG UP AND DRIVE!
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
