RE: PCI compliance

2011-09-26 Thread Alan Davies
, Edward [mailto:ezi...@lifespan.org] Sent: 23 September 2011 21:12 To: NT System Admin Issues Subject: RE: PCI compliance Honestly, it really comes down to what your QSA evaluates your controls at, on whether you meet the standard of PCI compliance or not. Z Edward E. Ziots CISSP,

RE: PCI compliance

2011-09-23 Thread Sean Rector
Some merchant service companies require quarterly. (BB&T) Sean Rector, MCSE From: David Lum [mailto:david@nwea.org] Sent: Friday, September 23, 2011 2:01 PM To: NT System Admin Issues Subject: PCI compliance For a site to be PCI compliant, is it an annual review process, or once PC

RE: PCI compliance

2011-09-23 Thread Ziots, Edward
Goldoff [mailto:egold...@gmail.com] Sent: Friday, September 23, 2011 3:17 PM To: NT System Admin Issues Subject: Re: PCI compliance may depend on which of the 4 merchant levels the business falls under. When I was Ham Boy, we had a QSV scan and recertify our external IPs every month, but we

Re: PCI compliance

2011-09-23 Thread Erik Goldoff
may depend on which of the 4 merchant levels the business falls under. When I was Ham Boy, we had a QSV scan and recertify our external IPs every month, but we only had the big full review yearly for the entire business. On Fri, Sep 23, 2011 at 2:00 PM, David Lum wrote: > For a site to be PCI

RE: PCI compliance

2011-09-23 Thread Robert LeBlanc
We have quarterly scans for compliancy. From: David Lum [mailto:david@nwea.org] Sent: Friday, September 23, 2011 12:01 PM To: NT System Admin Issues Subject: PCI compliance For a site to be PCI compliant, is it an annual review process, or once PCI always PCI or ?? Surely someone here knows

RE: PCI compliance

2011-09-23 Thread Maglinger, Paul
I wouldn't think it's always compliant. The game rules change. Now there's PCI-2. From: David Lum [mailto:david@nwea.org] Sent: Friday, September 23, 2011 1:01 PM To: NT System Admin Issues Subject: PCI compliance For a site to be PCI compliant, is it an annual review process, or once PCI

RE: PCI compliance

2011-09-23 Thread David Lum
Thanks everyone! Dave -Original Message- From: Bill Humphries [mailto:nt...@hedgedigger.com] Sent: Friday, September 23, 2011 11:14 AM To: NT System Admin Issues Subject: Re: PCI compliance There are three levels of PCI compliance depending mostly upon how many transactions you

Re: PCI compliance

2011-09-23 Thread Bill Humphries
There are three levels of PCI compliance depending mostly upon how many transactions you process. It is a yearly thing for all though. Bill David Lum wrote: For a site to be PCI compliant, is it an annual review process, or once PCI always PCI or ?? Surely someone here knows off the top of

RE: PCI compliance

2011-09-23 Thread Guyer, Don
Here, it's an ongoing thing, but "officially" a yearly certification. But, we have tools that scan for vulnerabilities (within the PCI framework) all the time, so it's always a work in progress. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterp

RE: PCI compliance

2011-09-23 Thread Michael B. Smith
At least annual. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: David Lum [mailto:david@nwea.org] Sent: Friday, September 23, 2011 2:01 PM To: NT System Admin Issues Subject: PCI compliance For a site to be PCI compliant, is it an annual review p

RE: PCI compliance

2010-02-16 Thread Jeremy Anderson
: Wednesday, February 10, 2010 11:11 AM To: NT System Admin Issues Subject: RE: PCI compliance I haven't made the changes yet, Richard. But, yes, those are the changes I'd make. I was just wondering if anybody had made the change and ran into a problem. In 'googling', I ran a

RE: PCI compliance

2010-02-11 Thread paul d
Now, I've run into a snag. Changed all my servers but now they're saying my firewall is failing. Which is ridiculous for obvious reasons. ugh. Subject: RE: PCI compliance Date: Wed, 10 Feb 2010 16:42:03 -0500 From: ezi...@lifespan.org To: ntsysadmin@lyris.sunbelt-so

RE: PCI compliance

2010-02-11 Thread paul d
2010 13:42:41 -0800 Subject: Re: PCI compliance From: sep...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com To be honest I really like IE8 and have been tending to use that over Firefox in many cases. So really if you need to get off IE6, just get the internal app testing with IE7 or IE8

RE: PCI compliance

2010-02-11 Thread tony patton
arted. Regards Tony Patton Desktop Operations Cavan Ext 8078 Direct Dial 049 435 2878 email: tony.pat...@quinn-insurance.com From: "John Aldrich" To: "NT System Admin Issues" Date: 10/02/2010 19:10 Subject: RE: PCI compliance IE6 is severely out of date. If that's the best som

Re: PCI compliance

2010-02-10 Thread Kurt Buff
you could. > > > > Z > > > > From: John Aldrich [mailto:jaldr...@blueridgecarpet.com] > Sent: Wednesday, February 10, 2010 2:10 PM > To: NT System Admin Issues > Subject: RE: PCI compliance > > > > IE6 is severely out of date. If that’s the best someone has, tel

RE: PCI compliance

2010-02-10 Thread Ziots, Edward
: PCI compliance IE6 is severely out of date. If that's the best someone has, tell them they need to upgrade. I wouldn't worry about IE6 compatibility at this point, considering how long it's been since IE6's replacements have been available! From: paul d [mailto

RE: PCI compliance

2010-02-10 Thread Ziots, Edward
, February 10, 2010 2:06 PM To: NT System Admin Issues Subject: Re: PCI compliance How did you go about it? The registry changes at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0] and [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

Re: PCI compliance

2010-02-10 Thread Steven Peck
> > > > *From:* paul d [mailto:pdw1...@hotmail.com] > *Sent:* Wednesday, February 10, 2010 3:07 PM > > *To:* NT System Admin Issues > *Subject:* RE: PCI compliance > > > > Great, thanks for the reply. > Agreed about IE6. Frankly, I

RE: PCI compliance

2010-02-10 Thread Ziots, Edward
Yes, I have ran into this on some audits, and done work on detecting this SSL based systems ( namely) IIS/Apache and the HP System Management Home page that I just got done working on. IE 6.0 supports SSLv3 and TLS1.0 which is what they are probably looking for when they dinged you for th

RE: PCI compliance

2010-02-10 Thread John Aldrich
3:07 PM To: NT System Admin Issues Subject: RE: PCI compliance Great, thanks for the reply. Agreed about IE6. Frankly, I'd like to get rid of IE completely and run FF on all desktops like I do on my desktop. Unfortunately, some s/w can only use IE. _ To: ntsysadmi

RE: PCI compliance

2010-02-10 Thread paul d
Great, thanks for the reply. Agreed about IE6. Frankly, I'd like to get rid of IE completely and run FF on all desktops like I do on my desktop. Unfortunately, some s/w can only use IE. To: ntsysadmin@lyris.sunbelt-software.com Subject: Re: PCI compliance From: asbz...@gmail.com

Re: PCI compliance

2010-02-10 Thread Andrew S. Baker
We disabled that some months back without issue. There should be no connection issues. And get off of IE6   -ASB: http://xeesm.com/AndrewBaker Sent from my Verizon Smartphone -Original Message- From: paul d Date: Wed, 10 Feb 2010 13:57:29 To: NT System Admin Issues Subject: PCI comp

Re: PCI compliance

2010-02-10 Thread Richard Stovall
ody had made the change and ran into > a problem. In 'googling', I ran across a message from someone running SBS > that said disabling 2.0 would stop IE6 users from accessing that server. > > -- > Date: Wed, 10 Feb 2010 14:06:04 -0500 > Subject:

RE: PCI compliance

2010-02-10 Thread paul d
from accessing that server. Date: Wed, 10 Feb 2010 14:06:04 -0500 Subject: Re: PCI compliance From: rich...@gmail.com To: ntsysadmin@lyris.sunbelt-software.com How did you go about it? The registry changes at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Pro

RE: PCI compliance

2010-02-10 Thread John Aldrich
IE6 is severely out of date. If that's the best someone has, tell them they need to upgrade. I wouldn't worry about IE6 compatibility at this point, considering how long it's been since IE6's replacements have been available! From: paul d [mailto:pdw1...@hotmail.com]

Re: PCI compliance

2010-02-10 Thread Richard Stovall
How did you go about it? The registry changes at [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0] and [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers]? Is it only one user, and only on IE6? On Wed, Feb 10,

RE: pci compliance

2008-04-09 Thread Thomas Gonzalez
Thanks Erik, I appreciate the response. Thomas From: Erik Goldoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 9:49 AM To: NT System Admin Issues Subject: RE: pci compliance Well, if things are still the same, level 4 merchants are only required to perform a self

RE: pci compliance

2008-04-09 Thread Erik Goldoff
__ From: Thomas Gonzalez [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 09, 2008 8:38 AM To: NT System Admin Issues Subject: RE: pci compliance I want to thank all of those who sent information about the PCI Compliance. So when we start this (if HQ tells us to go this route) I’ll be sure to as

RE: pci compliance

2008-04-09 Thread Erik Goldoff
PM To: NT System Admin Issues Subject: RE: pci compliance I have found that even the free cisecurity.org tools run on each server is a great place to start. A 50 page report on each server with all its pass/fails. I think the free one even offers you the regkey fixes, or mskb to fix each issue

RE: pci compliance

2008-04-09 Thread Erik Goldoff
I see some good advice here already... email me offline if you want to describe your situation further _ From: Thomas Gonzalez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 5:10 PM To: NT System Admin Issues Subject: RE: pci compliance Also, my CIO was just telling me

RE: pci compliance

2008-04-09 Thread Thomas Gonzalez
il 08, 2008 6:37 PM To: NT System Admin Issues Subject: RE: pci compliance Maybe this will help: http://www.scanlesspci.com/ :-) From: Thomas Gonzalez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 2:10 PM To: NT System Admin Issues Subject: RE: pci compliance Also, my CI

RE: pci compliance

2008-04-08 Thread Benjamin Zachary
Pen tests really aren't very high on the totem pole. One of the big things seems to be *when* you get hacked, who did it (logs), the database is encrypted if storing customer data, each process is on its own server (physical or virtual). All changes are logged, any failures on the security tests ha

RE: pci compliance

2008-04-08 Thread Tim Evans
Maybe this will help: http://www.scanlesspci.com/ :-) From: Thomas Gonzalez [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 2:10 PM To: NT System Admin Issues Subject: RE: pci compliance Also, my CIO was just telling me, that next year we will be moving into a level 3. (this

RE: pci compliance

2008-04-08 Thread Benjamin Zachary - Lists
I have found that even the free cisecurity.org tools run on each server is a great place to start. A 50 page report on each server with all its pass/fails. I think the free one even offers you the regkey fixes, or mskb to fix each issue. Documentation is key. I'm not sure what the different levels

RE: pci compliance

2008-04-08 Thread Thomas Gonzalez
Also, my CIO was just telling me, that next year we will be moving into a level 3. (this is just another hat for my position; one person IT Shop) From: Thomas Gonzalez Sent: Tuesday, April 08, 2008 4:02 PM To: NT System Admin Issues Subject: RE: pci compliance Erik, we are a level 4

RE: pci compliance

2008-04-08 Thread Thomas Gonzalez
Erik, we are a level 4. From: Erik Goldoff [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 2:45 PM To: NT System Admin Issues Subject: RE: pci compliance I've actually done some lectures, seminars, and webinars on PCI Compliance in addition to consulting, and your approach wi

Re: pci compliance

2008-04-08 Thread Salvador Manzo
[EMAIL PROTECTED] > Sent: Tuesday, April 08, 2008 3:08 PM > To: NT System Admin Issues > Subject: RE: pci compliance > > I have a few clients that I do PCI audits for, they hold credit card data for > online processing so were required for it. There are some tools out ther

RE: pci compliance

2008-04-08 Thread Christopher Boggs
Are the girl scouts taking credit cards for cookie purchases now? /thin mints and samoa's ftw From: Benjamin Zachary - Lists [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 08, 2008 3:08 PM To: NT System Admin Issues Subject: RE: pci compliance

RE: pci compliance

2008-04-08 Thread Benjamin Zachary - Lists
I have a few clients that I do PCI audits for, they hold credit card data for online processing so were required for it. There are some tools out there free/pay that you can look at www.cisecurity.org is a decent place to start. GFI makes a pci compliance package

RE: pci compliance

2008-04-08 Thread Erik Goldoff
I've actually done some lectures, seminars, and webinars on PCI Compliance in addition to consulting, and your approach will be very specific to your environment. To start with, do you know your merchant level (1 to 4) ... you may need to ask some specific questions, or get some no-doze, as there

RE: pci compliance

2008-04-08 Thread Michael B. Smith
I guided two of my customers through the process. The hardware and infrastructure is relatively easy. It's the applications that can be really tough, if you aren't using pre-certified software. Regards, Michael B. Smith MCSE/Exchange MVP http://TheEssentialExchange.com From: Thomas Gonz