Supporting PCI-compliant IT-infrastructure with CFEngine

•

0 likes•758 views

The PCI Data Security Standard (PCI DSS) provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents. Attend this webinar to learn how CFEngine is used to support an important element of PCI DSS: ensuring that the configuration of your IT Infrastructure complies with the standard. See how to create and enforce PCI policies for services such as SSH, Sudo, NTP, and user and password management and how automate delivery of reports to make it easy to audit compliance.

Technology

PCI Solution

Product, Process, Consulting

PCI High Level Overview
- Payment Application Data Security Standard
- Pin Transaction Security
- Data Security Standard:

INTERNAL ONLY - CONFIDENTIAL

Using CFEngine to maintain
PCI compliant IT infrastructure
Provision PCI
Provision PCI Hardened
Hardened
Compliant
Compliant Operating
Operating
Infrastructure
Infrastructure Systems
Systems
BUILD DEPLOY

PCI
POLICY

AUDIT MANAGE

Monitoring
Monitoring Maintain
Maintain
Reporting
Reporting Compliance in
Compliance in
Audit
Audit Real Time
Real Time

INTERNAL ONLY - CONFIDENTIAL

Approaches to PCI-DSS compliance

●
Reactive (traditional)
●
Manual changes, scripts, inconsistencies
●
Scanners/detection-scripts (band-aid)

●
Proactive (CFEngine)
●
Desired-state
●
Automation, consistency
●
Always maintained and provable
INTERNAL ONLY - CONFIDENTIAL

$File integrity (manage) { "activated": true, "params": { "watch": [ "/etc", Sketch Security::file_integrity "/boot", Params pcidss_v2.json "/bin", "/usr/sbin", "/sbin", "/lib", ], "hash_algorithm": "sha256", "ifelapsed": "1440" }, "tags": [ "pcidss", Knowledge is kept "pcidss_v2", with configuration "pcidss_v2_sec_11_5" ] } INTERNAL ONLY - CONFIDENTIAL$

File integrity (audit)

INTERNAL ONLY - CONFIDENTIAL

$SSH Configuration (manage) { "activated": true, Sketch Security::SSH "params": { Params pcidssv2.json "Protocol": "2", "PermitEmptyPasswords": "no", "ClientAliveInterval": "900", "ClientAliveCountMax": "0" }, "tags": [ "pcidss", "pcidss_v2", "pcidss_v2_sec_2_1", "pcidss_v2_sec_2_2_3", Which sections was this for? "pcidss_v2_sec_8_5_15" ] } INTERNAL ONLY - CONFIDENTIAL$

SSH Report (audit)

Host Failing promise Time
comp1.ex.com sshd_set_config Sept 21, 2012
log1.ex.com sshd_restart Sept 21, 2012
log1.ex.com sshd_set_config Sept 19, 2012
app1.ex.com sshd_copy_config Sept 20, 2012
app2.ex.com sshd_restart Sept 18, 2012

●
Available through web interface, PDF, CSV and REST API
●
Scheduling, emailing and archiving possible
●
SQL-based, extremely flexible

INTERNAL ONLY - CONFIDENTIAL

Conclusions – what you get

●
CFE software to maintain PCI-DSS compliance
●
9 out of 10 largest banks does it

●
Content to do it out-of-the-box (on-going effort)
●
Design Center sketches

●
Report and audit with CFE 3 Enterprise

INTERNAL ONLY - CONFIDENTIAL

Links

●
CFEngine 3 Enterprise (manage, report and audit)
●
http://cfengine.com/enterprise
●
Design Center (content)
●
https://github.com/cfengine/design-center
●
Work-in-progress
●
Learning CFEngine 3
●
https://cfengine.com/getting-started

INTERNAL ONLY - CONFIDENTIAL

Supporting PCI-compliant IT-infrastructure with CFEngine

Recently uploaded

Six Myths about Ontologies: The Basics of Formal Ontology

johnbeverley2021

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

apidays

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

Retrieval augmented generation (RAG) is the most popular style of large language model application to emerge from 2023. The most basic style of RAG works by vectorizing your data and injecting it into a vector database like Milvus for retrieval to augment the text output generated by an LLM. This is just the beginning. One of the ways that we can extend RAG, and extend AI, is through multilingual use cases. Typical RAG is done in English using embedding models that are trained in English. In this talk, we’ll explore how RAG could work in languages other than English. We’ll explore French, Chinese, and Polish.

Introduction to Multilingual Retrieval Augmented Generation (RAG)

Zilliz

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

apidays

MS Copilot expands with MS Graph connectors

Nanddeep Nachan

In this keynote, Asanka Abeysinghe, CTO,WSO2 will explore the shift towards platformless technology ecosystems and their importance in driving digital adaptability and innovation. We will discuss strategies for leveraging decentralized architectures and integrating diverse technologies, with a focus on building resilient, flexible, and future-ready IT infrastructures. We will also highlight WSO2's roadmap, emphasizing our commitment to supporting this transformative journey with our evolving product suite.

Platformless Horizons for Digital Adaptability

WSO2

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

ICT role in 21st century education and its challenges

rafiqahmad00786416

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

MadyBayot

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

Vector Search -An Introduction in Oracle Database 23ai.pptx

Remote DBA Services

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Exploring Multimodal Embeddings with Milvus

Zilliz

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

Recently uploaded (20)

Six Myths about Ontologies: The Basics of Formal Ontology

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

presentation ICT roal in 21st century education

Introduction to Multilingual Retrieval Augmented Generation (RAG)

AWS Community Day CPH - Three problems of Terraform

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

MS Copilot expands with MS Graph connectors

Platformless Horizons for Digital Adaptability

How to Troubleshoot Apps for the Modern Connected Worker

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

ICT role in 21st century education and its challenges

Corporate and higher education May webinar.pptx

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Vector Search -An Introduction in Oracle Database 23ai.pptx

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Exploring Multimodal Embeddings with Milvus

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Featured

https://www.hubspot.com/state-of-marketing · Scaling relationships and proving ROI · Social media is the place for search, sales, and service · Authentic influencer partnerships fuel brand growth · The strongest connections happen via call, click, chat, and camera. · Time saved with AI leads to more creative work · Seeking: A single source of truth · TLDR; Get on social, try AI, and align your systems. · More human marketing, powered by robots

2024 State of Marketing Report – by Hubspot

Marius Sescu

ChatGPT is a revolutionary addition to the world since its introduction in 2022. A big shift in the sector of information gathering and processing happened because of this chatbot. What is the story of ChatGPT? How is the bot responding to prompts and generating contents? Swipe through these slides prepared by Expeed Software, a web development company regarding the development and technical intricacies of ChatGPT!

Everything You Need To Know About ChatGPT

Expeed Software

Product Design Trends in 2024 | Teenage Engineerings

Pixeldarts

Mental health has been in the news quite a bit lately. Dozens of U.S. states are currently suing Meta for contributing to the youth mental health crisis by inserting addictive features into their products, while the U.S. Surgeon General is touring the nation to bring awareness to the growing epidemic of loneliness and isolation. The country has endured periods of low national morale, such as in the 1970s when high inflation and the energy crisis worsened public sentiment following the Vietnam War. The current mood, however, feels different. Gallup recently reported that national mental health is at an all-time low, with few bright spots to lift spirits. To better understand how Americans are feeling and their attitudes towards mental health in general, ThinkNow conducted a nationally representative quantitative survey of 1,500 respondents and found some interesting differences among ethnic, age and gender groups. Technology For example, 52% agree that technology and social media have a negative impact on mental health, but when broken out by race, 61% of Whites felt technology had a negative effect, and only 48% of Hispanics thought it did. While technology has helped us keep in touch with friends and family in faraway places, it appears to have degraded our ability to connect in person. Staying connected online is a double-edged sword since the same news feed that brings us pictures of the grandkids and fluffy kittens also feeds us news about the wars in Israel and Ukraine, the dysfunction in Washington, the latest mass shooting and the climate crisis. Hispanics may have a built-in defense against the isolation technology breeds, owing to their large, multigenerational households, strong social support systems, and tendency to use social media to stay connected with relatives abroad. Age and Gender When asked how individuals rate their mental health, men rate it higher than women by 11 percentage points, and Baby Boomers rank it highest at 83%, saying it’s good or excellent vs. 57% of Gen Z saying the same. Gen Z spends the most amount of time on social media, so the notion that social media negatively affects mental health appears to be correlated. Unfortunately, Gen Z is also the generation that’s least comfortable discussing mental health concerns with healthcare professionals. Only 40% of them state they’re comfortable discussing their issues with a professional compared to 60% of Millennials and 65% of Boomers. Race Affects Attitudes As seen in previous research conducted by ThinkNow, Asian Americans lag other groups when it comes to awareness of mental health issues. Twenty-four percent of Asian Americans believe that having a mental health issue is a sign of weakness compared to the 16% average for all groups. Asians are also considerably less likely to be aware of mental health services in their communities (42% vs. 55%) and most likely to seek out information on social media (51% vs. 35%).

How Race, Age and Gender Shape Attitudes Towards Mental Health

ThinkNow

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

marketingartwork

Skeleton Culture Code

Skeleton Technologies

PEPSICO Presentation to CAGNY Conference Feb 2024

Neil Kimberley

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

Featured (20)

2024 State of Marketing Report – by Hubspot

Everything You Need To Know About ChatGPT

Product Design Trends in 2024 | Teenage Engineerings

How Race, Age and Gender Shape Attitudes Towards Mental Health

AI Trends in Creative Operations 2024 by Artwork Flow.pdf

Skeleton Culture Code

PEPSICO Presentation to CAGNY Conference Feb 2024

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Supporting PCI-compliant IT-infrastructure with CFEngine

1. PCI Solution Product, Process, Consulting

2. PCI High Level Overview - Payment Application Data Security Standard - Pin Transaction Security - Data Security Standard: INTERNAL ONLY - CONFIDENTIAL

3. Using CFEngine to maintain PCI compliant IT infrastructure Provision PCI Provision PCI Hardened Hardened Compliant Compliant Operating Operating Infrastructure Infrastructure Systems Systems BUILD DEPLOY PCI POLICY AUDIT MANAGE Monitoring Monitoring Maintain Maintain Reporting Reporting Compliance in Compliance in Audit Audit Real Time Real Time INTERNAL ONLY - CONFIDENTIAL

4. Approaches to PCI-DSS compliance ● Reactive (traditional) ● Manual changes, scripts, inconsistencies ● Scanners/detection-scripts (band-aid) ● Proactive (CFEngine) ● Desired-state ● Automation, consistency ● Always maintained and provable INTERNAL ONLY - CONFIDENTIAL

5. CFEngine examples • Extended history setting in shell (/etc/profile) PCI-DSS requires strict OS hardening, and a system to maintain the hardening • NTP configuration (/etc/ntp.conf) over time. CFEngine is uniquely capable to keep • File integrity check systems compliant with desired state and provide reporting to validate this. • SSH configuration (/etc/ssh/sshd_config) • Useradd settings (/etc/default/useradd) • Password definitions (/etc/login.defs) • Password expiration on personal users • User interaction timeout (/etc/profile) • Sudo configuration (/etc/sudoers) • Syslog configuration (/etc/syslog.conf) • Management of services (whitelist & blacklist) • Locking of inactive users INTERNAL ONLY - CONFIDENTIAL

6. File integrity (manage) { "activated": true, "params": { "watch": [ "/etc", Sketch Security::file_integrity "/boot", Params pcidss_v2.json "/bin", "/usr/sbin", "/sbin", "/lib", ], "hash_algorithm": "sha256", "ifelapsed": "1440" }, "tags": [ "pcidss", Knowledge is kept "pcidss_v2", with configuration "pcidss_v2_sec_11_5" ] } INTERNAL ONLY - CONFIDENTIAL

7. File integrity (audit) INTERNAL ONLY - CONFIDENTIAL

8. SSH Configuration (manage) { "activated": true, Sketch Security::SSH "params": { Params pcidssv2.json "Protocol": "2", "PermitEmptyPasswords": "no", "ClientAliveInterval": "900", "ClientAliveCountMax": "0" }, "tags": [ "pcidss", "pcidss_v2", "pcidss_v2_sec_2_1", "pcidss_v2_sec_2_2_3", Which sections was this for? "pcidss_v2_sec_8_5_15" ] } INTERNAL ONLY - CONFIDENTIAL

9. SSH Report (audit) Host Failing promise Time comp1.ex.com sshd_set_config Sept 21, 2012 log1.ex.com sshd_restart Sept 21, 2012 log1.ex.com sshd_set_config Sept 19, 2012 app1.ex.com sshd_copy_config Sept 20, 2012 app2.ex.com sshd_restart Sept 18, 2012 ● Available through web interface, PDF, CSV and REST API ● Scheduling, emailing and archiving possible ● SQL-based, extremely flexible INTERNAL ONLY - CONFIDENTIAL

10. Conclusions – what you get ● CFE software to maintain PCI-DSS compliance ● 9 out of 10 largest banks does it ● Content to do it out-of-the-box (on-going effort) ● Design Center sketches ● Report and audit with CFE 3 Enterprise INTERNAL ONLY - CONFIDENTIAL

11. Links ● CFEngine 3 Enterprise (manage, report and audit) ● http://cfengine.com/enterprise ● Design Center (content) ● https://github.com/cfengine/design-center ● Work-in-progress ● Learning CFEngine 3 ● https://cfengine.com/getting-started INTERNAL ONLY - CONFIDENTIAL

Supporting PCI-compliant IT-infrastructure with CFEngine

Recommended

Recommended

More Related Content

Recently uploaded

Recently uploaded (20)

Featured

Featured (20)

Supporting PCI-compliant IT-infrastructure with CFEngine