Getting the most value from your next penetration test
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN SECURITY, COMPLIANCE
We here at True Digital Security conduct quite a lot of engagements around penetration testing, or "Pen-Tests". Usually this testing is driven by compliance requirements like the Payment Card Industry (PCI) DSS or security audit requests from potential ne...
READ MORE +When are merchants required to use a PA-DSS validated POS (point-of-sale) application?
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN COMPLIANCE, PCI
In True's experience as a QSA advising merchants with PCI compliance, one point of confusion seems to always surface ? when are merchants required to use a Payment Application Data Security Standard (PA-DSS) validated POS application? First, it is impo...
READ MORE +More on outbound firewall rules
September 21, 2011 | POSTED BY BRETT EDGAR IN MONITORING, COMPLIANCE
In a previous article, I mentioned two firewall rules that every network should have: blocking outbound DNS (udp/53 and tcp/53), and blocking outbound SMTP (tcp/25). I'd like to suggest a few more rules to add to that list. The first rule to add is bl...
READ MORE +