Posts

PCI DSS - Checklist

Requirement 1: Build and Maintain a Secure Network

This can be divided into two parts:
- Create a secure network
- Document your network

The following steps should help you achieve this:

Identify your Card Holder Environment (CDE): If you are hosting your CDE on-premise, then your local network is usually the CDE. It is preferable to have some demarcation for your CDE; this is usually achieved by means of a firewall.

Secure your CDE: Most firewalls work on a whitelist model, i.e. only the services that are explicitly allowed are passed; the rest are blocked.

Firewall process document: You should document the list of services that are allowed across the firewall. This should consist of the IP addresses, ports and applications (in the case of next-generation firewalls) that have been allowed on the firewall. Beyond the IP addresses themselves, you should be able to map each IP address to the server hosting your card-related application.

Requirement 2: Do Not Use Vendor Supplied Defaults Th...

Warp - 1.1.1.1 (Cloudflare)

Tested: Private, Fast and Free

I have used several mobile apps that either promise total anonymity or faster speeds. Unfortunately, I never found an app that does both simultaneously. Enter Warp - 1.1.1.1! This app, created by Cloudflare, not only keeps your internet communication private, it also speeds up the communication. Why, of course - the CDN provider which hosts the fastest DNS server (1.1.1.1 - which it says is twice as fast as Google's famous DNS server 8.8.8.8) would be expected to come up with something like this.

You can find the app here - Warp - 1.1.1.1

This is how the app looks.

Warp 1.1.1.1

The first thing I did after installing the app was check the Internet speed and the nearest Cloudflare CDN server which the app connected me to. Notice below that the nearest server connected was located in Mumbai and the download speed was near 2.79 Mbps (ideally I was expecting about 10 Mbps, but I have been getting reduced speed since the COVID-19 quarantine). Inter...

Palo Alto Firewall Management Hardening

So you got a fresh new firewall, out of the box. You are done with the basic configuration, have placed it into your network, and have connected the management interface to the management network (either you have a dedicated management switch / infrastructure which promises true out-of-band connectivity, or you create a "pseudo" separate network using management VLANs). Of course, it is already recommended to have a firewall protecting the management network, since a compromise of this network can directly lead to access to each of the devices, with catastrophic outcome. In spite of this, there are several management hardening steps that should be carried out to ensure that the firewall's management access is as secure as it can be.

Disable telnet (TCP 21) and HTTP (TCP 80)

Telnet and HTTP send data in clear text, and all it takes is a carefully crafted SPAN / RSPAN session to forward a copy of the communication to a remote machine where the captured traffic (including clear text pas...

PCI DSS

With over 257 billion card transactions for goods and services worldwide, payment cards (credit or debit cards) serve as one of the most preferred modes of payment. In fact, many surveys show that over 70% of people prefer card payments over cash.

Payment Card - PCI DSS

While alternate modes of payment are catching up (such as IBAN in Europe, UPI in India, etc.), the card industry will continue to thrive for several years, on account of its worldwide acceptance, transaction success rate and ease of use. Of course, like all other electronic media, security is of paramount importance when it comes to payment cards. While there is a legal structure for protecting the interests of card users, the underlying security (both infrastructure and application) is governed by PCI DSS compliance.

So what is PCI DSS? It stands for Payment Cards Industry - Data Security Standards. Five different companies - Visa, MasterCard, American Express, Discover and JCB International - each of them who alrea...

Database Recovery Strategies

Be it a natural disaster striking your primary data center and obliterating all your databases, or some technical error that brings it down, forcing you to consider moving your database to your backup DR (disaster recovery) location, the right disaster recovery strategy would definitely save the day. How do we accomplish this? Well, there are primarily three strategies you can consider, depending upon your downtime tolerance level:
- Electronic Vaulting
- Remote Journaling
- Remote Mirroring

Let us see what each one of them has in store for us:

Electronic Vaulting
- These are essentially bulk transfers wherein the database backups are moved from the primary site to the remote (backup / DR) site via the network
- There is a significant delay between the time you declare a disaster and the time to recover your database backups
- Entire backup files are transferred
- Not suited for hot sites where the recovery should be instantaneous

Remote Journaling
- These are much more frequent and faster than Electro...

RAID

RAID stands for Redundant Array of Inexpensive Disks (or Redundant Array of Independent Disks). It is a data storage virtualization technology that combines multiple physical disk drives into logical units to provide data redundancy and performance improvement.

The standard RAID levels, including their features and the minimum number of disks required for them to function, are:

RAID level   Features                            Number of disks
RAID 0       Striping                            At least 2
RAID 1       Mirroring                           At least 2
RAID 5       Striping with parity                At least 3 but up to 16
RAID 6       Striping with double parity         At least 4
RAID 10      Combining mirroring and striping    At least 4

RAID types

A bit more...

RAID 0: It improves disk subsystem performance, but it does not provide fault tolerance.

RAID 1: It uses two disks which both hold the same data. If one disk fails, the other disk continues to operate as usual.

RAID 5: It uses three or more disks, with the equivalent of one disk holding parity information. If one disk fails, the RAID array will continue to oper...

CISSP - Fagan Inspection Process

Fagan Inspection Process

The Fagan Inspection process consists of the following steps:
- Planning
- Overview
- Preparation
- Meeting
- Rework
- Follow-up