Snort mailing list archives
Using snort in an PCI DSS environment
From: elof () sentor se
Date: Wed, 20 Nov 2013 15:03:47 +0100 (CET)
Anyone here using a snort sensor in an PCI environment? I'm wondering about PCI compliance regarding logging of potential card numbers... Say I have a snort sensor in a PCI environment. Nothing in the sensor is configured to detect and log card numbers on purpose. Only normal IDS-rules are enabled. Do PCI still force me to encrypt the harddrive just because there is a possibility that a card number *could* accidentally be logged? What do your QSA say? Yes, the sensor's HDD is in scope and must be encrypted. or No, a few potential card numbers, logged by accident, does not count. It's like saying you need to encrypt your mailserver's harddrive just because someone can e-mail you card numbers even though you haven't asked for them. /Elof ------------------------------------------------------------------------------ Shape the Mobile Experience: Free Subscription Software experts and developers: Be at the forefront of tech innovation. Intel(R) Software Adrenaline delivers strategic insight and game-changing conversations that shape the rapidly evolving mobile landscape. Sign up now. http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Using snort in an PCI DSS environment elof (Nov 20)
- Re: Using snort in an PCI DSS environment James Lay (Nov 20)
- Re: Using snort in an PCI DSS environment elof (Nov 20)
- Re: Using snort in an PCI DSS environment James Lay (Nov 20)
- Re: Using snort in an PCI DSS environment elof (Nov 21)
- Re: Using snort in an PCI DSS environment James Lay (Nov 22)
- Re: Using snort in an PCI DSS environment elof (Nov 20)
- Re: Using snort in an PCI DSS environment James Lay (Nov 20)
- Re: Using snort in an PCI DSS environment elof (Nov 20)
- Re: Using snort in an PCI DSS environment John Millican (Nov 20)