
PCI DSS

26th November 2013

in Load Balancing

Why did my Loadbalancer just fail the PCI compliance test?

Posted by Aaron West 26th November in Load Balancing

Let me first say that I'm not really a fan of PCI scanners. It's not so much that I'm anti security scanners but rather that scanning for vulnerabilities based on only the version number a package returns seems rather simplistic to me. However, what should I do if my PCI scanner reports that the Apache version running the WebUI on my appliance is too old?

9th March 2012

in PCI DSS

For any poor sod who needs to deal with the PCI Data Security Standard (PCI DSS)

Posted by Malcolm Turnbull 9th March in PCI DSS

Any engineer dealing with PCI DSS compliance issues probably loses a little bit of the joy in life :-). Now don't get me wrong, the PCI DSS has a laudable aim and is written quite well and mostly sensibly, but like the bible is open to a vast amount of interpretation... So let's start with the fundamental issue: Q. Is my load balancer secure? A. If you have firewalled port 22 (SSH) and 9080/9443 (Loadbalancer.org admin ports) then YES IT IS SECURE - job done, go home.
