Nathan, Just an FYI so I can open your eyes a bit more.
Your web server (relational-data.com) running PHP 5.2.5, Apache 2.0.63 currently has 92 PHP security vulnerabilities, and 17 Apache security vulnerabilities.
Still feeling confident in housing your card holder data on that same box, and 100% confident that there is no way to get at card holder data on that box if it existed? Or would you do what the PCI guidelines are stating and separate that box out into different primary functions, to mitigate exposure risks from the above 92 PHP and 17 Apache vulnerabilities?
The correct answer is to split them out.
The reasoning is so simple I can understand why you are missing the point. You can NOT trust that software is written 100% bug free. Therefore, to minimize risk in the software stack, you split things out so as to lessen the blow when things do get exploited.
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, September 03, 2013 4:17 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries public WEB access, PCI security issues
From: Matt Olson
So your logic is still not living up to the intent of the PCI guidelines.
Actually, I'm the only one in this discussion who has referenced the PCI Guidelines. Your only reference was a VMware document. I suppose you posted it because you associate server farms with PCI even though you began this discussion with a denial of that. Most vendors maneuver to convince an audience that they are compatible with PCI. But you're better served by going to the source.
It's because TCP/IP server daemons might be exploited, that I suggest running them under IBM i, which is LESS vulnerable, more stable, and easier to secure. It appears that you are misinterpreting PCI Guidelines.
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l