Best Practices to keep the server PCI compliant

Nixtree

#1
Hi Guys

I wish to have a discussion about the things we need to take care of to make an entire server PCI compliant, including all services such as Exim/Dovecot/Nginx/Apache etc.

Mainly I wish to have a discussion on the ciphers, and which strong ciphers we should use at the moment to keep a server PCI compliant, so that it will be a help for all others as well. If we use this forum periodically, this thread will become a reference point for all those who need the latest set of details. One thing we need to do is remove all old protocols except TLS1.2 and only use TLS1.2 and higher.

How much care should we take while disabling a protocol or removing one or some set of ciphers from services like Exim/Dovecot etc.?
 
#2
I too would be interested in this.

Something that we can use to scan all of our servers to see how PCI compliant the web-facing software is on the server. And something we can routinely check, so that we can stay on top of server-related PCI issues.

Unfortunately, this won't stop someone from storing credit card information in plain text in a text file or database on the server. That's what the PCI survey is for.

But to get an idea of what TLS ciphers may be problematic or things as they relate to the server's well-being, that would be nice to have.

Ideally something free or low cost that can be run every 3 to 6 months for each server to make sure it's staying compliant.
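
Added example (not part of either post above, and not a PCI scanning tool): a small offline check that reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports any that still enable a protocol below the TLS 1.2 floor mentioned in post #1. It assumes one directive per line, approximates Apache's `all` as SSLv3 through TLSv1.3, does not cover Exim or Dovecot, and uses a constructed sample config.

```python
import re

# Protocol names as written in nginx and Apache configuration.
ALL_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
WEAK = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # anything below TLS 1.2
# "name value..." form only; "name = value" lines (Dovecot style) are skipped.
DIRECTIVE = re.compile(r"^(ssl_protocols|SSLProtocol)\s+([^=\s].*)$")


def enabled_protocols(line):
    """Return the protocols one directive enables, or None for other lines."""
    line = line.split("#", 1)[0].strip().rstrip(";").strip()
    match = DIRECTIVE.match(line)
    if not match:
        return None
    name, tokens = match.group(1), match.group(2).split()
    if name == "ssl_protocols":  # nginx: a plain allow-list
        return set(tokens)
    enabled = set()  # Apache: tokens applied left to right
    for tok in tokens:
        proto = tok.lstrip("+-")
        # Assumption: "all" is approximated as every name in ALL_PROTOCOLS.
        group = set(ALL_PROTOCOLS) if proto.lower() == "all" else {proto}
        if tok.startswith("+"):
            enabled |= group
        elif tok.startswith("-"):
            enabled -= group
        else:  # modelled here as: an unsigned token replaces the set
            enabled = group
    return enabled


def audit(config_text):
    """Return [(line_number, [weak protocols])] for directives below TLS 1.2."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        protocols = enabled_protocols(line)
        if protocols and protocols & WEAK:
            findings.append((lineno, sorted(protocols & WEAK)))
    return findings


SAMPLE = """\
# constructed sample lines, not taken from a real server
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol -all +TLSv1.2 +TLSv1.3
"""

if __name__ == "__main__":
    for lineno, weak in audit(SAMPLE):
        print(f"line {lineno}: still enables {', '.join(weak)}")
```

A config check like this only shows what the files say; the running service still has to be reloaded and confirmed with whatever external scan the PCI assessment uses.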
 