If your business is somehow related to the payment card industry, you’ve probably heard about the new PCI requirements which heavily focus on compliance for merchants that use deprecated security protocols.
TLS, which stands for Transport Layer Security, is the payment card industry’s required method of creating secure connections. Older security protocols such as SSL 2.0 and SSL 3.0 have been compromised in various ways, which has prompted the industry to move to stronger encryption. What does this mean for your servers?
Many organizations that use the Windows Server OS to deliver web applications that allow users to make payments on accounts must tightly secure the protocols on their production servers in order to meet PCI-DSS compliance standards.
Preparing Windows Servers
In order to secure web applications running on IIS, many businesses have adopted a free tool called IIS Crypto to remove insecure ciphers and protocols from the server’s registry. One downside of this configuration is that protocols such as Remote Desktop may be impacted.
Make the necessary registry changes if you need to keep using RDP on your servers. If your team is comfortable managing servers with remote PowerShell, the loss of RDP may not be a big deal.
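The registry changes the post refers to live under the SCHANNEL protocol keys. The script below is an added example written for this page; it is not IIS Crypto’s code and not part of the original post. It disables SSL 2.0 and SSL 3.0 for both the server and client sides, keeps TLS 1.2 enabled, and prints the resulting settings so the change can be reviewed before the reboot that SCHANNEL needs to pick it up. The helper name `Set-SchannelProtocol` is this example’s own.

```powershell
# Added example (not from the original post or from IIS Crypto).
# Run in an elevated PowerShell session; SCHANNEL reads these keys at boot.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Set-SchannelProtocol {
    param(
        [Parameter(Mandatory)][string]$Name,   # e.g. 'SSL 3.0', 'TLS 1.2'
        [Parameter(Mandatory)][bool]$Enabled
    )
    # Each protocol has a Server and a Client subkey; both must be set.
    foreach ($side in 'Server', 'Client') {
        $key = Join-Path $base "$Name\$side"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        $value = if ($Enabled) { 1 } else { 0 }
        New-ItemProperty -Path $key -Name 'Enabled' -Value $value -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -Value (1 - $value) -PropertyType DWord -Force | Out-Null
    }
}

# Protocols the industry no longer accepts for payment traffic.
foreach ($p in 'SSL 2.0', 'SSL 3.0') { Set-SchannelProtocol -Name $p -Enabled $false }

# Keep TLS 1.2 explicitly enabled. If RDP stops working after a hardening pass,
# check whether the server's RDP stack can negotiate a protocol that is still
# enabled here; patch the OS before disabling anything older than TLS 1.2.
Set-SchannelProtocol -Name 'TLS 1.2' -Enabled $true

# Review what is now configured under the Protocols key.
Get-ChildItem $base -Recurse | ForEach-Object {
    $props = Get-ItemProperty $_.PSPath
    [pscustomobject]@{
        Key               = $_.PSPath -replace '.*Protocols\\', ''
        Enabled           = $props.Enabled
        DisabledByDefault = $props.DisabledByDefault
    }
} | Format-Table -AutoSize
```

Test the change on a non-production server first, and keep a second management path (remote PowerShell, console access) available in case RDP no longer negotiates after the reboot.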
What About Linux Servers?
The first thing you should do on any Linux distribution is run the available system updates. A fully updated system runs with the protocol and cipher defaults that currently meet industry standards.
To be sure, consult the documentation for your specific Linux distribution for instructions on disabling weak ciphers. Red Hat, for example, provides its subscribers with a document describing these steps.
Why is PCI Compliance Important?
Some systems administrators discount the importance of becoming PCI-DSS compliant. When your servers pass the PCI compliance scan, you know that your administrators have taken the proper precautions to help keep your organization’s data safe.
When your customers transmit personal information, you want to ensure that only you and your customers can read what is being transmitted. When you adhere to the newest PCI regulations, which focus heavily on disabling weak security ciphers on your servers, you can be sure that your organization has taken the initiative to facilitate secure transactions between your business and your customers.
Is your web server PCI compliant? Check the status of your website using free tools such as those found at Nartac.com.
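Before paying for or scheduling an external scan, you can check which protocol versions a host still accepts from your own workstation. The function below is an added example for this page, not a tool from Nartac or from the original post; it attempts a handshake with each protocol version that .NET’s SslStream can request and reports which ones succeed. `Test-TlsProtocols` and the host name `www.example.com` are this example’s own placeholders.

```powershell
# Added example (not from the original post or from Nartac's tools).
function Test-TlsProtocols {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    # Ssl3 and Tls (TLS 1.0) are the versions PCI DSS no longer accepts;
    # Tls11 and Tls12 are included so the report shows what remains enabled.
    $protocols = [System.Security.Authentication.SslProtocols]::Ssl3,
                 [System.Security.Authentication.SslProtocols]::Tls,
                 [System.Security.Authentication.SslProtocols]::Tls11,
                 [System.Security.Authentication.SslProtocols]::Tls12

    # We are testing protocol support, not certificate trust, so accept any cert.
    $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]

    foreach ($proto in $protocols) {
        $client = $null; $ssl = $null
        try {
            $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
            $ssl.AuthenticateAsClient($HostName, $null, $proto, $false)
            $supported = $true
        } catch {
            $supported = $false
        } finally {
            if ($ssl)    { $ssl.Dispose() }
            if ($client) { $client.Dispose() }
        }
        [pscustomobject]@{ HostName = $HostName; Protocol = $proto; Supported = $supported }
    }
}

# Any row with Ssl3 or Tls (1.0) reported as True needs attention before a PCI scan.
Test-TlsProtocols -HostName 'www.example.com' | Format-Table -AutoSize
```

A `False` result only proves that this client could not complete a handshake with that version; a Windows build whose own SCHANNEL already refuses SSL 3.0 will report `False` even against a server that still offers it. Treat the script as a quick local sanity check and rely on an external scanner for the compliance result itself.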