× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. September 2013

RE: iSeries public WEB access, PCI security issues

Nathan, Just an FYI so I can open your eyes a bit more.

Your web server (relational-data.com) running PHP 5.2.5, Apache 2.0.63 currently has 92 PHP security vulnerabilities, and 17 Apache security vulnerabilities.

http://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-50739/PHP-PHP-5.2.5.html
http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-66/version_id-80725/Apache-Http-Server-2.0.63.html

Still feeling confident in housing your card holder data on that same box and 100% confident that there is no way to get at card holder data on that box if it existed or would you do what the PCI guidelines are stating and separate that box out into different primary functions to mitigate exposure risks from the above 92 PHP and 17 apache vulnerabilities?

The correct answer is to split them out.

The reasoning is so simple I can understand why you are missing the point. You can NOT trust software is written 100% bug free. Therefore to minimize risk in the software stack you split things out as to lessen the blow when things do get exploited.

-----Original Message-----
From: Nathan Andelin [mailto:nandelin@xxxxxxxxx]
Sent: Tuesday, September 03, 2013 4:17 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries public WEB access, PCI security issues

From: Matt Olson
So your logic is still not living up to the intent of the PCI guidelines.


Actually, I'm the only one in this discussion who has referenced the PCI Guidelines. Your only reference was a VMware document. I suppose you posted it because you associate server farms with PCI even though you began this discussion with a denial of that. Most vendors maneuver to convince an audience that they are compatible with PCI. But you're better served by going to the source.

It's because TCP/IP server daemons might be exploited, that I suggest running them under IBM i, which is LESS vulnerable, more stable, and easier to secure. It appears that you are misinterpreting PCI Guidelines.

-Nathan

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.