Announcement

Collapse
No announcement yet.

Management Console that is PCI compliant

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Management Console that is PCI compliant

    I need to lead one of my clients through PCI DSS compliance. I am currently carrying out a Gap analysis and then will implement necessary changes and then get an ASV in after submitting a QSA.

    Has anyone been thorugh this already.

    I mainly posted this to ask if anyone knows a good management tool, preferabally Microsoft, that will give me an overview of the system in one place. All computers Event viewers, general health, WSUS patch level, Mcafee AV patch level by querying mcafee e-policy orchestrator 4.

    For this client, I have:

    XP SP3 x 60. Vista x 2 with SP1. 2 x 2k3 Standard 32 bit, 2 x 2k3 R2, one 32 bit and the other 64 bit and 2 x 2k3 Standard 64 bit.

    Applications running are a ticketing system that runs from a SQL database.

    Sage running on SQL Server Express 2005 edition.

    Exchange 2007 running on 1 64 bit 2k3 R2 server.

    2 DCs, each a GC and both with AD integrated DNS.


    Any help appreciated.

  • #2
    Re: Management Console that is PCI compliant

    1. Maybe Spiceworks could do the job.

    2. What is PCI DSS, ASV, and QSA? Is it similar to ROI, TCO, or TGIF?

    Comment


    • #3
      Re: Management Console that is PCI compliant

      Ok, I know quite a lot of abbreviations but now I'm lost....
      Marcel
      Technical Consultant
      Netherlands
      http://www.phetios.com
      http://blog.nessus.nl

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"

      Comment


      • #4
        Re: Management Console that is PCI compliant

        Thanks for the post Joe and Marcel.

        PCI DSS compliance is as security standard that any company who proceses or stores card transactions such as Visa and Mastecard, have to adhere to. If they don't, they can face a fine and financial implications.

        QSA is self assessment you have you have to submit stating that you feel you have met the reuirements.

        An ASV is a 3rd Party who is permitted to PCI test a company to check they meet the standards.

        https://www.pcisecuritystandards.org/

        Think it is a UK standard to adhere to. Not sure whether it is required elsewhere.



        BTW, what s ROI, TCO, or TGIF?

        Comment


        • #5
          Re: Management Console that is PCI compliant

          Thanks for the info. As far as the acronyoms:

          ROI = Return on Investment
          TCO = Total Cost of Ownership
          TGIF = Thank Goodness It's Friday

          (that last one was meant to be funny)

          Comment


          • #6
            Re: Management Console that is PCI compliant

            Tgif -

            Comment


            • #7
              Re: Management Console that is PCI compliant

              Originally posted by joeqwerty View Post
              1. Maybe Spiceworks could do the job.

              2. What is PCI DSS, ASV, and QSA? Is it similar to ROI, TCO, or TGIF?
              I've been looking in to the Spiceworks and looks a very good system to implement. Can this be installed on a DC. The DC currently hosts WSS 3 as well. I know installing on a DC is not ideal but there is no spare resources on other servers who have business critical systems even more important than AD, which would be easier to restore should I need to.

              Comment


              • #8
                Re: Management Console that is PCI compliant

                I suppose you could install it on a DC if you have no other choice.

                Comment


                • #9
                  Re: Management Console that is PCI compliant

                  Thanks Joe. I'll give it a go.

                  Have you had any issues with it. Does it use a lot of resources or has it ever negatively effected your network?

                  Comment


                  • #10
                    Re: Management Console that is PCI compliant

                    Virtual,

                    I wouldn't install it on the DC personally, especially if you want to adhere to the security standards you mention. I am not exactly sure what those Standards are, I'd have to admit, but as a best security practise I'd leave the DC alone.
                    You could instead set it up on a Vmware machine on a XP host.

                    Ta
                    Caesar's cipher - 3

                    ZKHQ BRX HYHQWXDOOB GHFLSKHU WKLV BRX ZLOO UHDOLVH LW ZDV D ZDVWH RI WLPH!

                    SFX JNRS FC U6 MNGR

                    Comment

                    Working...
                    X