Questions tagged [pci-dss]

The Payment Card Industry Data Security Standard (PCI DSS) is a worldwide security standard that was formed with the support of credit card companies to align their security standards.

155 questions
0 votes, 2 answers

Scanning Vendors (non-PCI related) - Hype or Not?

For months now, when building websites for clients, I've come across virtually trillions of "Site Security Scanners" supposedly endorsed/approved by various shared web hosts who claim to run XSS, SQL injections, spam measures, and other checks, all…
asked by theonlylos
0 votes, 2 answers

Disabling weak ciphers on Windows 2003

For PCI-DSS compliance you have to disable weak ciphers. PCI-DSS permits a minimum cipher size of 128 bits. However, for the highest score (0 I believe) you should only accept 168 bit ciphers, but you can still be compliant if you permit 128 bit…
asked by Kev
0 votes, 1 answer

Configuring a SonicWall TZ100 to protect VM (virtual machines) for PCI compliance

I'm currently running VMWare ESX 4 with several virtual machines. One of these VMs needs to be PCI-DSS compliant, and more may need compliance in the future. In other words, I don't want to allow any LAN-LAN traffic. I currently have a SonicWall…
asked by matt
0 votes, 3 answers

PCI scan findings and problems with weak ciphers on ports 993, 443, 995, 465

From PCI scan results: Synopsis: The remote service encrypts traffic using a protocol with known weaknesses. Description: The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic…
asked by Greg Alexander
0 votes, 2 answers

How can I stop SMB on Windows 7 null authenticating?

This is a nasty question to be asking but we're really desperate. By which I mean we have about four hours to fix this or dire consequences will follow. We have a PC for card processing in our office running Windows 7; it's intended to be secure in…
asked by One Monkey
0 votes, 3 answers

Rails 3.0 - PCI compliant?

Does anyone know if Rails 3.0 passes PCI compliance scans?
asked by Brian
0 votes, 2 answers

Single solution for website datacenter networking

I am looking at different solutions for the datacenter needs of a web application. Below are my requirements. I would first like to have a solution which offers it all in one box, to keep it as simple as possible: Edge Firewall (as we only have web…
asked by mamu
0 votes, 0 answers

PCI scanning and old certificates IIS 10 - Server 2019

Although this has never been a problem before, our PCI scanning provider is now throwing the toys out if it finds some old certificates, the fact the correct current one is showing when the user comes in via the domain name notwithstanding. I…
asked by gchq
-1 votes, 1 answer

SSL Certificate - Self-Signed Certificate

I'm trying to get PCI compliant and the PCI scanning company is showing the below Fail scan report: SSL Certificate - Self-Signed Certificate SSL Certificate - Self-Signed Certificate port 25/tcp over SSL IMPACT: By exploiting this vulnerability, an…
asked by GBD
-1 votes, 1 answer

What's blocking the PCI compliance scanner from scanning my site?

(I am not sure if this question fits in serverfault.com. If not, forgive me.) I maintain my client's ecommerce website and the credit card processing company requires PCI compliance. For that, our site needs to be scanned. I had to whitelist the…
asked by Sam Kong
-1 votes, 2 answers

How to mask (alter) the Apache version info

I am running an Apache Server version 2.22, which is up to date, but the PCI compliance report shows an error message, saying the Apache version is obsolete and I must upgrade it to the latest version. I am on Ubuntu 12.04.5 LTS; my Apache version: Server…
asked by shrish
-1 votes, 1 answer

Hidden Directory Detected

My company's web application had penetration testing done and there's a risk found regarding the hidden directories: http://example.com/aux/ http://example.com/cgi-bin/ http://example.com/com1/ http://example.com/com2/ http://example.com/com3/ I…
asked by John
-1 votes, 1 answer

PCI scanning failing because of backup files available

PCI scanning reports the below issue for my Joomla site: "It is possible to retrieve file backups from the remote web server". I've checked it manually by accessing http://example.com/component/user/~ Basically it does not throw a 404 error while…
asked by Kesav
-1 votes, 4 answers

PCI Compliance Scans

I'm hoping to find a piece of software to assist me in catching PCI compliance failures in advance of the actual ASV scans. I would much prefer to run the scans against myself before I request another company to do so. Is there any software out…
asked by Mythril
-1 votes, 1 answer

Win XP Pro, IIS 5.1, PCI Compliance

I have a client that was scanned and determined not to be PCI Compliant. I looked and they had IIS set up to allow a program from central office to push/pull info from their server. Many of the reasons they failed appeared to have been fixed in SPs…
asked by Mudman266