PCI Compliance and ISPconfig 3

Discussion in 'General' started by MaxxNevis, Dec 6, 2013.

  1. MaxxNevis

    MaxxNevis New Member HowtoForge Supporter

    Hi @all,

    I have a rather large ISPconfig 3 production cluster spread around Europe and I'm in the middle of migrating some sensitive sites that handle sensitive data and I'd like to know if there's some compliance documentation either in the forum or some suggested link I can follow to pass Comodo security and SecureMetric assessments.

    Thanks.
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

As far as I know, there is no compliance documentation available. Which kind of tests is Comodo doing?
     
  3. MaxxNevis

    MaxxNevis New Member HowtoForge Supporter

    Thanks Till for your response. I guessed that there were no docs.

They run a quite thorough test suite, things like OpenSSL security vulnerabilities; we failed a bunch of those tests on one of our shared hosting servers in the Netherlands.

    Eg:

Code:
OpenSSH < 4.9 'ForceCommand' Directive Bypass   ssh (4000/tcp)   CVE-2008-1657
CGI Generic Path Traversal (write test)         www (80/tcp)     High 7.5 Fail
HTTP TRACE / TRACK Methods Allowed              www (443/tcp)    CVE-2003-1567, CVE-2004-2320, CVE-2010-0386
    
    And a very comprehensive list that's not worth kludging the thread with.

    This is why I wanted to find some guidelines to assess the matter.

    Thanks anyways.
     
  4. DanielP

    DanielP New Member

@MaxxNevis this spring I tested almost all the freebies from cPanel, and one is a free PCI compliance scan from McAfee for cPanel users... I do not know if that test is as complex as the Comodo one; it's for Level 2-4 merchants.

    applications.cpanel.net/free-pci-compliance-scans-by-mcafee-secure/

I simply did all the recommendations in cPanel for Apache (hide server, hide PHP),

adjusted the ciphers of the other services to not have LOW on all services where I found PCI compliance mentioned,

added a CSF firewall (because they verify whether you block port scanning), I think on medium,

SSH was key-only (CentOS 6),

and passed it.

(If you have a cPanel server on hand you can check it) and then replicate to ISPConfig.
     
  5. ganewbie

    ganewbie Member HowtoForge Supporter

    @MaxxNevis

    How is the progress on this topic?
     
