Getting the most value from your next penetration test
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN SECURITY, COMPLIANCE
We here at True Digital Security conduct quite a lot of engagements around penetration testing, or "Pen-Tests". Usually this testing is driven by compliance requirements like the Payment Card Industry (PCI) DSS or security audit requests from potential ne...READ MORE +
When are merchants required to use a PA-DSS validated POS (point-of-sale) application?
September 21, 2011 | POSTED BY MICHAEL OGLESBY IN COMPLIANCE, PCI
In True's experience as a QSA advising merchants with PCI compliance, one point of confusion seems to always surface ? when are merchants required to use a Payment Application Data Security Standard (PA-DSS) validated POS application?
First, it is impo...READ MORE +
More on outbound firewall rules
September 21, 2011 | POSTED BY BRETT EDGAR IN MONITORING, COMPLIANCE
In a previous article, I mentioned two firewall rules that every network should have: blocking outbound DNS (udp/53 and tcp/53), and blocking outbound SMTP (tcp/25). I'd like to suggest a few more rules to add to that list.
The first rule to add is bl...READ MORE +