Posted in Uncategorized on Oct 6th, 2007
Lately I have received several comments from companies only wanting to promote their products. I will from now on not publish those. If I have the time I will review the website and product and possibly write a blog entry about it. This policy affects all comments already accepted as well.
Posted in Compliance on Oct 2nd, 2007
A big security issue is that we want to have a centralized authentication solution to handle security more efficiently. On the other hand, we want it to be PCI DSS compliant. With multiple heterogeneous systems using the LDAP, this could be cumbersome. One way is to use a secure LDAP in parallel to the ordinary one. If […]
Posted in Compliance on Oct 2nd, 2007
Another scoping question we have is how we should look at systems connecting into the cardholder environment (the secure area within firewalls that has the PANs). With the strictest definition of system components, all systems connecting into the cardholder environment are within scope, and all systems connecting to those are also in scope. […]
Posted in Compliance on Oct 2nd, 2007
I have been in deep discussions regarding several scoping issues in how to define system components and how we should look at different setups. One setup is where we have a till with a serial-connected terminal where all logic is inside the terminal, a.k.a. smart terminals. Even with this setup the serial cable is […]