Linux Used in PCI DSS Compliance Essay

Linux is a practical solution for network services and servers in an enterprise environment. Because it is constructed more securely than other platforms, maintaining the security of the network is easier. Because Linux, unlike Microsoft Windows, comes in many distributions, an attacker would need to determine the specific version of Linux that is being utilized on a given system. Furthermore, a security hole that is present in one distribution may not be present in another. Because the software is open-source and community driven, the community as a whole can contribute to finding and plugging security vulnerabilities in the system.

The infrastructure will need to be Sarbanes-Oxley and PCI DSS compliant. PCI DSS dictates that customers’ credit card numbers and other private information be stored and conveyed in an encrypted format, so the database server will need to be equipped with an encrypted file system, which Linux supports natively, and the Web server will need to support SSL, which Apache supports out of the box. Linux also supports signing of files and emails to verify their integrity, which can be used to ensure that only authorized changes are made to customers’ data. This can also be used to verify the integrity of any software packages or updates, to ensure that they have not been modified from the original programs.

The physical security of the systems will also need to be increased, with BIOS passwords and boot-time limitations, because a user with a USB stick or live CD can easily bypass the security of the system if they have physical access to the server. Linux also supports programs such as SELinux and Tripwire that can be used to limit what applications can be run, what modifications can be made, and what access different applications and services have to the physical system as well as to the network. This allows for more
