Re: FTP Account Lockout

2006-10-09 Thread Damian Wiest
On Fri, Oct 06, 2006 at 02:41:31PM -0400, stuartv wrote: > Ryan, > > Thanks for your input. I have been gently pushing those who make > the decisions here towards sftp for some time now; however, > ultimately that is one decision that is out of my hands. > According to the inspector that is do

Re: FTP Account Lockout

2006-10-08 Thread ICMan
Also, you could do the following: 1) Limit the scope of the PCI certification by placing all CC storing or processing systems on a DMZ behind an appropriately configured firewall; AND 2) make sure that your FTP server is outside of this DMZ. This assumes that the FTP server does not contain

Re: FTP Account Lockout

2006-10-07 Thread Mark Maxey
You can approach this a couple of ways:
1. Eliminate plaintext FTP altogether. SSHv2 is an excellent free replacement here, or you can use FTP-SSL.
2. Restrict access to this service in your firewall by IP.
3. Put the FTP behind a VPN.
I'm a Visa QDSP and these are a couple of things you could do.

Re: FTP Account Lockout

2006-10-07 Thread Joachim Schipper
On Fri, Oct 06, 2006 at 12:56:43PM -0400, stuartv wrote: > Hello list, > > The company I work for is required to get PCI (Payment Card > something-or-other) certified in order to keep doing some of the things that > we > are doing with credit card payments. When I started working here it was an >

Re: FTP Account Lockout

2006-10-07 Thread Tobias Ulmer
proftpd + mod_ban Tobias

Re: FTP Account Lockout

2006-10-06 Thread Sam Chill
On 10/6/06, stuartv <[EMAIL PROTECTED]> wrote: Hello list, Hi! However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. I haven't been able to

Re: FTP Account Lockout

2006-10-06 Thread Ryan Corder
On Fri, 2006-10-06 at 12:56 -0400, stuartv wrote: > However, now that we need this cert, > one of the few things still standing in the way is the requirement that we > set up > the FTP server to lockout (for 30min.) any account that fails to login 3 > times in a row. I haven't been able to find an

Re: FTP Account Lockout

2006-10-06 Thread stuartv
Ryan, Thanks for your input. I have been gently pushing those who make the decisions here towards sftp for some time now; however, ultimately that is one decision that is out of my hands. According to the inspector that is doing our PCI inspection the only requirement we haven't met as reguar

Re: FTP Account Lockout

2006-10-06 Thread Ryan McBride
> The company I work for is required to get PCI (Payment Card > something-or-other) certified in order to keep doing some of the things > that we are doing with credit card payments. Payment Card Industry Data Security Standard [snip] > However, now that we need this cert, one of the few things

FTP Account Lockout

2006-10-06 Thread stuartv
Hello list, The company I work for is required to get PCI (Payment Card something-or-other) certified in order to keep doing some of the things that we are doing with credit card payments. When I started working here it was an all MS shop, including the FTP server. In order to help secure things