How To Become PCI Compliant In Under 10 Days With Your Linux Server

Posted by abefroman on Dec 13, 2010 11:34 AM EDT
YourPCIDSS.com; By Wayne C.

Becoming PCI compliant can be a daunting task, and it's certainly not something that can happen overnight. We figure the timeline for this will generally be about 10 days at the fastest. We will go over a road map of how you can accomplish this and what you can expect along the way, covering everything from getting your server PCI compliant, to some of the software and open source Linux tools you can use to help with this, to getting scanned by a PCI approved scanning vendor.

Day 1-3: You will need to decide whether you want to take care of the server setup yourself or look for a full-service PCI compliant host. There are a couple of different routes you can go here. If you don't have a database that stores credit cards, a single server will work, so a dedicated server from any hosting company that has a secure datacenter will do. If you do need a database for credit cards, then you will need two servers and some type of hardware firewall. Many hosts will provide this in an all-inclusive PCI package, or will have a firewall available as an add-on. I recommend avoiding the cheapest hosting companies, as they usually provide a limited range of services, and their support can be limited. If you are going with an à la carte server, you will need to harden it yourself and install the PCI required software, such as Snort or PSAD for intrusion detection, and AIDE for file integrity scanning.

Whether you decide to do this with your own server or go with an all-inclusive PCI package, you will want to allow about 3 days for this. If you're doing your own server, it takes a day to order it and a couple of days to set it all up. And if you order a preconfigured PCI server package, they usually have a couple of days' lead time to get it set up and customized for you.

Day 4-6: Once the server is ready you will want to move your files and database over. This will take 2-3 days, and you will want to set everything up under a test domain and double check everything before moving the DNS for your primary domain over. Probably the most time-consuming part comes if you have a credit card database: you will need to set this up on the private server, and change the config files for your front-end scripts to connect to the private database server. After you test everything and it's working OK, you can change your DNS over, either by changing the nameservers or by changing the A record so your site points to the new IP.
