There are alternatives to TripWire, of course... - Verisys - http://www.ionx.co.uk/ - CimTrak - http://www.cimcor.com/cimtrak-home - Various - http://www.windowsecurity.com/software/file-integrity-checkers/
It's going to cost something, but it is a worthy investment if you need to be PCI compliant, or have other similar sensitive data to protect. *ASB *(Professional Bio <http://about.me/Andrew.S.Baker/bio>) *Harnessing the Advantages of Technology for the SMB market... * On Wed, May 18, 2011 at 5:00 PM, Greg Olson <[email protected]> wrote: > Hi all, > I have a quick question on pci compliance and how you guys\gals are > handling it for servers you have that take credit card data? > We have a small amount of servers that basically host the web code to take > cc info and its then passed on directly to the processor. Nothing stays on > the server at any time, but we would like to be able to pass a pci audit on > these servers which requires that we have "automated" software that monitors > and detects changes in the log files, and software that monitors key files > (windows directories, and our app directories) for any changes and sends out > an alert. > We're looking at Tripwire product, but they seem pretty expensive for the > small amount of servers we're talking about. > Any thoughts? > > Thanks in advance. > -Greg > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
