Website with credit card info securing
Hi, I am publishing a web site which will hold credit card info and some private data in the future. This won't be something big but I hope for some customers.
Can you suggest some links for best practices for securing that kind of server? I have been searching Google and looking at specific credit card private data securing :), I know it is stupid. I believe security is security, but just maybe there are some examples out there someone might know of.
This article from the InmotionHosting knowledge base might help get you started on your research.
http://www.inmotionhosting.com/suppo...best-practices
Full disclosure: I did some work for them about 18 months ago, but am in no way connected with them. I was, however, impressed by their knowledge base.
With respect to system hardening and auditing, your distribution's documentation (or "Securing Debian", together with the info at the SANS Reading Room, OWASP and the CISecurity.org profiles) should provide the first steps. Establish a local and remote baseline scan (GNU/Tiger, OpenVAS) first, then read those docs, implement measures and scan again.
Ah thank you guys very much :). Website will be up August 1. And payment processing September 1.
There will be checkout so I will work with developers and owner of the website so they do their part and I will do mine :). Thanks for the info.
Quote:
(We recently went through the whole process and have achieved PCI Level 1, it took a while!)