Network and Storage Protocols

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Network and Storage Protocols

Ask a Question

PCI options?

chsaunders
‎2010-02-22 08:29 AM
3,454 Views

Good day,

Are there any options for PCI DSS compliance?  How do I not only ensure the data is securely encrypted and only accessed by individuals who need to access it, but provide an auditable record of all actions (including reads!) on the encrypted data?


Thank you,

0 Kudos
View By:
3 REPLIES 3

jcarreon10
‎2010-02-22 02:17 PM
3,454 Views

The PCI-DSS 1.2.1 standard publishes a document (attached here) that outlines the 12 different requirements the standard calls for.  It goes into all the details per section so customers can make their own assessment before any audits are necessary.

  1. Requirement 1 - Install and mantain a firewall configuration to protect cardholder data.
  2. Requirement 2 - Do not use vendor-supplied defaults for the system passwords and other security parameters.
  3. Requirement 3 - Protect stored cardholder data.
  4. Requirement 4 - Encrypt transmission of cardholder data across open, public networks.
  5. Requirement 5 - Use and regularly update anti-virus software programs.
  6. Requirement 6 - Develop and mantain secure systems and applications.
  7. Requirement 7 - Restrict access to cardholder data by business need to know.
  8. Requirement 8 - Assign a unique ID to each person with computer access.
  9. Requirement 9 - Restrict physical access to cardholder data.
  10. Requirement 10 - Track and monitor all access to network resources and cardholder data.
  11. Requirement 11 - Regularly test security systems and processes.
  12. Requirement 12 - Maintain a policy that addresses information security for employees and contractors.
Preview file
3525 KB
0 Kudos

chsaunders
‎2010-02-23 05:36 AM
In response to jcarreon10
3,454 Views

thanks for that.

My question is related to what is listed as requirement 10.  I'll confess to be posting as a result of the "win a kindle" contest, but I'm interested to understand if there is are any solutions from brocade or netapp that provides for reporting on access to encrypted filesets.  A specific example - if I have a windows fileshare hosted on a netapp aggregate/volume, can I leverage these encryption options to both a) encrypt and b) monitor access to the files on the encrypted fileshare?  By "monitor access" I mean monitor reads and writes.

0 Kudos

BrendonHiggins
‎2010-02-23 06:28 AM
In response to chsaunders
3,454 Views

If you are talking about Windows LUNs you need to turn on windows security logging on the server as the NetApp SAN will only see "Windows Server connect to LUN" and this proves nothing.  If you have Windows shares on your filer you need to turn on CIFS auditing on your filer.

Have a look at this:

http://now.netapp.com/NOW/knowledge/docs/ontap/rel727_vs/html/ontap/filesag/accessing/task/t_oc_accs_configuring_Data_ONTAP_for_CIFS_auditing.html

Hope it helps

Bren

0 Kudos
All Community Forums
Public