Re: PCI-DSS compliant instalation guide for latest Debian

[claude juif <claude.juif@gmail.com>]

Hi,

If your server is directly connected to Internet, you will fail PCI-DSS compliance. You need at least to put a proxy between internet and your server.

IMO, the best way to accomplish this, is to hold credit card data on a separate server (this server will only store data, not more), not connected to internet (no route to internet gateway).

Server                <-->  Intermediate API server to retrieve Credit card data in a safe way <--> Webserver

Credit Card

This way, only the intermediate server is allowed to acces credit card data. Credit card server and intermediate server do NOT have access to internet. Obviously Credit Card server and intermediate server should communicate on a private LAN. The only point here, is how you authenticate Webserver with intermediate server. You have plenty of solutions.

For the debian part, following the security update is enough for PCI DSS.

Cheers,

 

2015-09-09 8:31 GMT+02:00 Lovrenco Vladislavic <lovrenco.vladislavic@outlook.com>:

Hello,

Can you provide me with some tutorial for latest Debian installation which will achieve full compatibility with latest PCI-DSS security standard:

 
https://www.pcisecuritystandards.org/https://www.pcisecuritystandards.org/

We need to host code for Credit Card data transfer (interface) on it, and server will be audited by online robot for security issues.

It would speed up the process if there is some concrete tutorial about setting up correct services on new Debian installation.

Thank you in advance,

---

Lovrenco Vladislavic