Loading ...

Month: November 2017

Quick Look at PCI Compliance Regulations

PCI Compliance RegulationsJust got done cleaning up after a security breach (aka hacking) of one of my client’s accounting workstation. They had an older method of remote access called Microsoft Remote Desktop that has known vulnerabilities without additional security measures in place. The hacker did not touch their Quickbooks data (super surprising), but installed software to send SPAM, mine bitcoin crypto-currency, and running fraudulent credit card transactions. Since there was no compromises of Primary Account Numbers (PAN) or customer data there was no need for notifying customers, but the FBI Cyber Crime division was still notified to help share with them the intelligence from the breach. This then lead to me reading through the PCI DSS regulations again and making the requisite recommendations to mitigate the current issues with the client’s network and protect against future attempts. Here is a list of applicable PCI Compliance Regulations:

Requirement 1.1.2 – Current network diagram that identifies all connections between the cardholder data environment and other networks, including any wireless networks.
Requirement 1.2 – Build firewall and router configurations that restrict connections between untrusted networks and any system components in the cardholder data environment.
Requirement 1.3 – Prohibit direct public access between the Internet and any system component in the cardholder data environment.
Requirement 4.1 – Use strong cryptography and security protocols to safeguard sensitive cardholder data during transmission over open, public networks, including the following:
•    Only trusted keys and certificates are accepted
•    The protocol in use only supports secure versions or configurations
•    The encryption strength is appropriate for the encryption methodology in use
Requirement 5.1 – Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).
Requirement 5.2 – Ensure that all anti-virus mechanisms are maintained as follows:
•    Are kept current,
•    Perform periodic scans
•    Generate audit logs
Requirement 5.3 – Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period
Requirement 6.2 – Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release.
Requirement 8.2.3 – Passwords/passphrases must meet the following:
•    Require a minimum length of at least seven characters.
•    Contain both numeric and alphabetic characters.
Requirement 8.2.4 – Change user password/passphrases at least once every 90 days.

If your company has PCI Compliance Regulations that you need consulting for, then contact us for assistance.

CyberSecurity Month – Internet of Things Tips

Internet of ThingsThe Internet of Things refers to any object or device that sends and/or receives data automatically via the Internet. This rapidly-expanding set of “things” includes tags (also known as labels or chips that automatically track objects), sensors, and devices that interact with people and share information machine to machine.

WHY SHOULD WE CARE?

• Cars, appliances, wearables, lighting, healthcare, and home security all contain sensing devices that can talk to another machine and trigger other actions. Examples include: devices that direct your car to an open spot in a parking lot; mechanisms that control energy use in your home; and other tools that track your eating, sleeping, and exercise habits.

• This technology provides a level of convenience to our lives, but it requires that we share more information than ever. The security of this information, and the security of these devices, is not always guaranteed.

• Though many security and resilience risks are not new, the scale of interconnectedness created by the Internet of Things increases the consequences of known risks and creates new ones.

SIMPLE TIPS

Without a doubt, the Internet of Things makes our lives easier and has many benefits; but we can only reap these benefits if our Internet-enabled devices are secure and trusted. Here are some tips to increase the security of your Internet-enabled devices:

1. Keep a clean machine.
Like your smartphone or PC, keep any device that connects to the Internet free from viruses and malware. Update the software regularly on the device itself as well as the apps you use to control the device.

2. Think twice about your device.
Have a solid understanding of how a device works, the nature of its connection to the Internet, and the type of information it stores and transmits.

3. Secure your network.
Properly secure the wireless network you use to connect Internet-enabled devices.If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.

Archives

Categories

Plant a Seed @ 541-761-9549
233 Rogue River Hwy #873 Grants Pass, OR 97527
Mon-Fri: 9:00am-5:00pm
support@farmhousenetworking.com
© 2016-2023- Farmhouse Networking. All rights reserved
Terms and Conditions Privacy Policy

Evaluation Signup

[contact-form-7 id="452" title="Free Network Evaluation"]
And God will generously provide all you need. Then you will always have everything you need and plenty left over to share with others. As the Scriptures say,
“They share freely and give generously to the poor. Their good deeds will be remembered forever.”
For God is the one who provides seed for the farmer and then bread to eat. In the same way, he will provide and increase your resources and then produce a great harvest of generosity in you. - 2 Corinthians 9:8-10