GFI used to have a free/inexpensive SIM software (System Integrity Monitor)
but I don’t think that’s available anymore.  But if you Google for ‘system
integrity monitor free’ you’ll get a few hits on software you can test to
see if it meets your needs.  You’ll also need to have the web server
hardened (what version OS, what version IIS?) and verification that you
only collect card numbers under an SSL connection, and that you only transmit
them on to the processor also via a secure channel (SSL, IPsec, etc.).

 

Hit me up offline if you don’t find what you need.  I’ve brought a couple
SMB retail organizations into PCI compliance and presented some lectures,
webinars, and workshops on PCI compliance so I’ve got a sense of what can be
done within budget.

 

Erik Goldoff

IT  Consultant

Systems, Networks, & Security 

'  Security is an ongoing process, not a one time event ! '

From: Greg Olson [mailto:[email protected]] 
Sent: Wednesday, May 18, 2011 5:01 PM
To: NT System Admin Issues
Subject: Question on PCI compliance

 

Hi all, 

I have a quick question on PCI compliance and how you guys\gals are handling
it for servers you have that take credit card data?

We have a small amount of servers that basically host the web code to take
cc info and it's then passed on directly to the processor. Nothing stays on
the server at any time, but we would like to be able to pass a PCI audit on
these servers which requires that we have "automated" software that monitors
and detects changes in the log files, and software that monitors key files
(Windows directories, and our app directories) for any changes and sends out
an alert. 

We're looking at Tripwire product, but they seem pretty expensive for the
small amount of servers we're talking about. 

Any thoughts?

 

Thanks in advance. 

-Greg 
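
The key-file monitoring described in the question (baseline the Windows and application directories, then report any change) comes down to a hash comparison. The PowerShell below is an added example, not part of the original thread or of any product named in it; the function names and the demo directory are hypothetical, and it covers file changes only, not log monitoring or alert delivery.

```powershell
# Added example: hash-based file integrity check (baseline, then compare).
# Get-FileBaseline / Compare-FileBaseline and the demo paths are hypothetical names.

function Get-FileBaseline {
    param([Parameter(Mandatory)][string[]]$Path)
    # Map full path -> SHA-256 for every file under the monitored directories.
    $baseline = @{}
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force | ForEach-Object {
        $baseline[$_.FullName] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $baseline
}

function Compare-FileBaseline {
    param([hashtable]$Old, [hashtable]$New)
    # Files present now: either new, or present before with a different hash.
    foreach ($file in $New.Keys) {
        if (-not $Old.ContainsKey($file)) {
            [pscustomobject]@{ Change = 'Added'; Path = $file }
        } elseif ($Old[$file] -ne $New[$file]) {
            [pscustomobject]@{ Change = 'Modified'; Path = $file }
        }
    }
    # Files in the baseline that no longer exist.
    foreach ($file in $Old.Keys) {
        if (-not $New.ContainsKey($file)) {
            [pscustomobject]@{ Change = 'Removed'; Path = $file }
        }
    }
}

# Demo on a constructed directory so the script runs without touching real content.
$root = Join-Path ([IO.Path]::GetTempPath()) ("fim-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $root | Out-Null
Set-Content -LiteralPath (Join-Path $root 'web.config')    -Value '<configuration />'
Set-Content -LiteralPath (Join-Path $root 'checkout.aspx') -Value 'original page'

$before = Get-FileBaseline -Path $root

# Simulate the three kinds of change an auditor expects to be detected.
Set-Content -LiteralPath (Join-Path $root 'checkout.aspx') -Value 'tampered page'
Set-Content -LiteralPath (Join-Path $root 'extra.aspx')    -Value 'unexpected file'
Remove-Item -LiteralPath (Join-Path $root 'web.config')

$changes = @(Compare-FileBaseline -Old $before -New (Get-FileBaseline -Path $root))
$changes | Sort-Object Path | Format-Table -AutoSize
if ($changes.Count -gt 0) { Write-Warning "$($changes.Count) file change(s) detected" }
Remove-Item -LiteralPath $root -Recurse -Force
```

In real use the baseline would be saved somewhere the web server account cannot write to, since a baseline stored beside the monitored files can be rewritten along with them.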

 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin

