
New vulnerabilities are discovered continually, both by attackers and by researchers, and new ones are introduced whenever software changes. System components, processes, and custom software should therefore be tested frequently to ensure that security controls keep pace with a changing environment.
PCI DSS 11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly, or deploy a wireless IDS/IPS to identify all wireless devices in use.
PCI DSS 11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network (such as new system component installations, changes in network topology, firewall rule modifications, product upgrades).
PCI DSS 11.3 Perform external and internal penetration testing at least once a year and after any significant infrastructure or application upgrade or modification (such as an operating system upgrade, a sub-network added to the environment, or a Web server added to the environment). These penetration tests must include the following:
PCI DSS 11.4 Use intrusion detection systems, and/or intrusion prevention systems to monitor all traffic in the cardholder data environment and alert personnel to suspected compromises. Keep all intrusion detection and prevention engines up to date.
PCI DSS 11.5 Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system files, configuration files or content files; and configure the software to perform critical file comparisons at least weekly.
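The mechanism behind 11.5 is simple enough to show end to end: record a baseline (content hash, permissions, owner, size) for each critical file, then compare the current state against that baseline on a schedule and alert on anything added, removed or modified. The script below is an added example for this page and is not Castleforce's or any listed vendor's code; the watched file names, their contents and the "tampering" in `demo()` are constructed for the demonstration, and the baseline is written to a JSON file next to the watched files purely for illustration.

```python
"""Minimal file-integrity baseline/compare in the spirit of PCI DSS 11.5.

Added example, not code from Castleforce or any FIM vendor. Hashes a set of
critical files, stores a JSON baseline, and on later runs reports files that
were added, removed or modified (content hash, mode, owner, size).
"""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path

CHUNK = 1 << 16


def file_record(path: Path) -> dict:
    """Content hash plus the metadata a FIM tool normally tracks."""
    st = path.stat()
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
    }


def build_baseline(paths, root=None) -> dict:
    """Snapshot every existing regular file in `paths`. Missing files are
    simply absent, so a later comparison reports them as removed."""
    snapshot = {}
    for p in map(Path, paths):
        if p.is_file():
            key = str(p.relative_to(root)) if root else str(p)
            snapshot[key] = file_record(p)
    return snapshot


def save_baseline(snapshot: dict, dest: Path) -> None:
    dest.write_text(json.dumps(snapshot, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def compare(baseline: dict, current: dict) -> dict:
    """Report added, removed and modified files; for modified files list
    each attribute that changed as (baseline_value, current_value)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = {}
    for name in sorted(set(baseline) & set(current)):
        old, new = baseline[name], current[name]
        diffs = {k: (old[k], new[k]) for k in old if old[k] != new.get(k)}
        if diffs:
            modified[name] = diffs
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario (not real system files): baseline two critical
    files, then simulate a config edit, a permission change, a deleted file
    and an unexpected new file before the next comparison run."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        sshd = root / "sshd_config"
        passwd = root / "passwd"
        sshd.write_text("PermitRootLogin no\n")
        passwd.write_text("root:x:0:0:root:/root:/bin/sh\n")
        os.chmod(sshd, 0o600)
        watched = [sshd, passwd, root / "authorized_keys"]
        baseline_path = root / "baseline.json"
        save_baseline(build_baseline(watched, root), baseline_path)

        # Simulated tampering between two scheduled comparison runs.
        sshd.write_text("PermitRootLogin yes\n")
        os.chmod(sshd, 0o644)
        passwd.unlink()
        (root / "authorized_keys").write_text("ssh-ed25519 AAAA... attacker\n")

        return compare(load_baseline(baseline_path), build_baseline(watched, root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `compare()` from a scheduler at least weekly to meet the letter of 11.5, and route a non-empty result to whoever handles alerts. Two caveats a product handles for you but this script does not: the baseline must live somewhere the host's attacker cannot rewrite (off-host, or signed), otherwise tampering with the file and the baseline together goes unnoticed; and the baseline must be refreshed as part of the change-control process, or every legitimate patch will look like a compromise.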
At Castleforce we are partnered with several leading IDS/IPS vendors and can provide pre- and post-deployment technical assistance with all the products listed below.
Stonesoft StoneGate IDS/IPS appliances are ICSA Labs certified and are available as hardware appliances and as VMware-certified virtual appliances, all managed through the same management centre.
Juniper Networks IDP Series Intrusion Detection and Prevention Appliances offer the latest capabilities in network intrusion prevention to protect the network from a wide range of attacks.
Palo Alto Networks’ next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three unique identification technologies: App-ID, User-ID, and Content-ID. These identification technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies – safely enabling organizations to adopt new applications, instead of the traditional “all-or-nothing” approach offered by traditional port-blocking firewalls used in many security infrastructures.
Aruba's integrated policy-enforcement firewall, high-security encryption, standards-based authentication, wireless intrusion detection/prevention, and compliance audit reporting assistance meet or exceed the wireless LAN-specific security requirements in PCI DSS. Merchants using an Aruba solution can cost-effectively implement the security controls required for PCI compliance without compromising the performance of business applications or upgrading legacy networks.
The Extricom WLAN product family is purpose-built to deliver robust, reliable connectivity. Extricom innovation makes the All-Wireless Enterprise possible by delivering voice (VoWLAN), data, video, and location services with an always-on, consistent, and mobile Wi-Fi connection to any client, in any environment.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organised:
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Requirement 5: Use and regularly update anti-virus software
Requirement 6: Develop and maintain secure systems and applications
Requirement 7: Restrict access to cardholder data by business need-to-know
Requirement 8: Assign a unique ID to each person with computer access
Requirement 9: Restrict physical access to cardholder data
Requirement 10: Track and monitor all access to network resources and cardholder data
Requirement 11: Regularly test security systems and processes
Requirement 12: Maintain a policy that addresses information security
File Integrity
Assuria Auditor measures, manages, and enforces security policies across a wide range of operating systems using a host-to-network view of critical systems and servers. Assuria Auditor's methodology simplifies the creation of system security baselines for users, groups, shares, services, and critical system files, and easily fits in with existing business processes.
Bit9 Application Whitelisting with Bit9 Parity stops malicious and unauthorized software by blocking viruses, Trojans, application exploits, custom attacks, zero-day threats, and more.
LogRhythm is an enterprise-class application that seamlessly combines Log & Event Management, File Integrity Monitoring and Endpoint Monitoring & Control into a single integrated solution. It is highly reliable, cost effective and easily scalable across any size enterprise. With LogRhythm, you can invest in a single solution to address needs and challenges throughout your organization, whether they are related to compliance, security or IT operations.
© Copyright Castleforce 2007-2012. Web design by Theme Group