IDS mailing list archives
Re: PCI/DSS compliant Managed IDS
From: vijay.upadhyaya () gmail com
Date: 24 Aug 2007 07:43:25 -0000
it entirely depends on 2 things. 1. Is PCI data going to the 3rd party monitoring IDS/IPS? 2. Is there a way 3rd party can have access to PAN in the IDS/IPS logs? If answer is yes to this question , the machines accessing the IDS/IPS for monitoring purpose comes under the PCI scope. I would do following compensating controls for this. 1. Have separate link to the 3rd party monitoring the IPS. 2. Also make sure that they are coming through the firewall and firewall is allowing selected IP address to access the IDS/IPS. 3. IDS logs are encryted when stored on the disc. 4. 3rd party company should submit the background checks for the person monitoring the logs. 5. Finally SLA and NDA with the 3rd party confirming that the machine accessing the IDS/IPS is as per the standards provided by your company. (Standard document to be provided by us, which provides them list of available services, ports to be opened, registry settings, Account settings and other similar details. Hope this helps, Regards, Vijay Upadhyaya (TCPFIN) ------------------------------------------------------------------------ Test Your IDS Is your IDS deployed correctly? Find out quickly and easily by testing it with real-world attacks from CORE IMPACT. Go to http://www.coresecurity.com/index.php5?module=Form&action=impact&campaign=intro_sfw to learn more. ------------------------------------------------------------------------
Current thread:
- PCI/DSS compliant Managed IDS marino . zini (Aug 23)
- RE: PCI/DSS compliant Managed IDS Craig Wright (Aug 24)
- RE: PCI/DSS compliant Managed IDS MH Michael Hammer (5304) (Aug 24)
- <Possible follow-ups>
- Re: PCI/DSS compliant Managed IDS ebk_lists (Aug 24)
- RE: PCI/DSS compliant Managed IDS Craig Wright (Aug 24)
- Re: PCI/DSS compliant Managed IDS vijay . upadhyaya (Aug 24)
- RE: PCI/DSS compliant Managed IDS Craig Wright (Aug 24)