PCI Compliance-Code Review or Web Application Firewall

Payment Card Industry (PCI) – Data Security Standard is standard set based on a consensus based process led by 5 major credit card companies. It is not a government enforced standard and compliance is enforced by the credit companies.

Non-compliance results in higher fees and severe fines in the event of breach. All merchants and service providers collecting and processing credit card transactions are required to comply with the PCI-DSS. Version 1.2 of the standard was released in October 2008.

Section 6.6 of the PCI-DSS requires that for all public-facing applications, new threats and vulnerabilities should be addressed on an on-going basis and ensure that the applications are protected against know attacks.

Continue reading “PCI Compliance-Code Review or Web Application Firewall”

Audit of Solaris BSM – An Overview

Basic Security Module or BSM is the audit tool used by Solaris Operating System. The BSM files are located in the /etc/security directory. To enable the BSM, the administrator has to run the bsmconv script. This script creates a number of files in the /etc/security directory. In this article we shall discuss two important files that are created viz. Audit Control File and Audit User File Continue reading “Audit of Solaris BSM – An Overview”

US loses one laptop every 50 seconds in its airport!!

Imagine the situation of losing one’s laptop. What is the cost? It involves not only losing a significant expense but also the data stored in it which may range from personal data like photos, important numbers, music, software etc to corporate data where the cost involved could be unimaginable. A recent survey conducted by  Dell and Ponemon Institute reveals that upto 12000 laptops are stolen in the United States Airport every week. This means one laptop is getting stolen every 50 seconds approximately!! Continue reading “US loses one laptop every 50 seconds in its airport!!”