From: Matt Olson
PCI is not focused on intel servers.
"2.2.1 Implement only one primary function per server to prevent functions that require different security levels from co-existing on the same server. (For example, web servers, database servers, and DNS should be implemented on separate servers.)"
While there's no mention of Intel or Windows, PCI foments the idea that distributed application architecture is more secure, when in fact it is normally LESS secure because of the difficulty of administering multiple types of security, the disparity between security mechanisms, and the complexity of managing multiple environments.
Intel servers can perfectly house hundreds/thousands of applications
on a single box, just like the i.
You say Intel, but you must mean Windows or Linux wherein complex workloads tend to destabilize those environments.
However most people chose not to as it's a single point
That seems co support my assertion that complex workloads tend to cause Windows and Linux environments to fail. I'd be interested in hearing a rebuttal.
From: DrFranken [mailto:midrange@xxxxxxxxxxxx]
Sent: Thursday, August 29, 2013 12:54 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries public WEB access, PCI security issues
I agree, FUD.
I seem to recall that PCI says you cannot store Credit Card numbers for more than 3 days period and even if you do they must be encrypted. Most of the folks I work with that do Credit Card transactions store only the last four digits for any length of time.
And while I won't list them I know of MANY companies who's IBM i servers are connected directly to the internet with web and database on the same server. PCI seems to be interpreted to focus on Intel based systems where proliferation of servers is needed to support staff size and Microsoft and Oracle revenue streams.
- Larry "DrFranken" Bolhuis
On 8/28/2013 10:58 AM, rob@xxxxxxxxx wrote:
I question whether someone says PCI rules don't allow this as FUD
rather than fact.
You're probably not interested in how we serve up our public
accessible parts of our website that require login's for customers and
suppliers that are Domino based...
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l