Hi Jeremy,

The PCI DSS wording is constantly changing. I believe it is at v1.2 now at the moment.

11.4 Use intrusion-detection systems, and/or intrusion-prevention systems to monitor all traffic in the cardholder data environment and alert personnel to suspected compromises. Keep all intrusion-detection and prevention engines up-to-date.

11.4.a Verify the use of intrusion-detection systems and/or intrusion-prevention systems and that all traffic in the cardholder data environment is monitored.

11.4.b Confirm IDS and/or IPS are configured to alert personnel of suspected compromises.

11.4.c Examine IDS/IPS configurations and confirm IDS/IPS devices are configured, maintained, and updated per vendor instructions to ensure optimal protection.

I don't think OSSEC can fulfil 11.4.a by itself. You would need something like snort set up too.

Regards,
Noel

Jeremy Hansen wrote:
> I'm going through the purgatory which is PCI compliance right now and the fact that PCI DSS point 11.4 is not mentioned in your PCI outline located here: http://www.ossec.net/ossec-docs/ossec-PCI-Solution.pdf has led the powers to be to believe that 11.4 is not covered by OSSEC. The requirement does not specifically mention NIDS vs HIDS. How is this interpreted? I assume to be fully covered, it would require a combination of OSSEC and a NIDS, such as snort. Does this make sense?
>
> -jeremy
