The PCI DSS, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.
The PCI DSS is a multifaceted security standard that includes requirements for security management, policies, procedures, network architecture, software design and other critical protective measures. This comprehensive standard is intended to help organizations proactively protect customer account data.
The PCI Security Standards Council will enhance the PCI DSS as needed to ensure that the standard includes any new or modified requirements necessary to mitigate emerging payment security risks, while continuing to foster wide-scale adoption.
Ongoing development of the standard will provide for feedback from the Advisory Board and other participating organizations. All key stakeholders are encouraged to provide input during the creation and review of proposed additions or modifications to the PCI DSS.
The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:
Build and Maintain a Secure Network.
Requirement 1: Install and maintain a firewall configuration to protect cardholder data.
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters.
Protect Cardholder Data.
Requirement 3: Protect stored cardholder data.
Requirement 4: Encrypt transmission of cardholder data across open, public networks.
Maintain a Vulnerability Management Program.
Requirement 5: Use and regularly update anti-virus software.
Requirement 6: Develop and maintain secure systems and applications.
Implement Strong Access Control Measures.
Requirement 7: Restrict access to cardholder data by business need-to-know.
Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor and Test Networks.
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy.
Requirement 12: Maintain a policy that addresses information security.
For more info and to download the supporting documentation and other documents visit https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml.
Monday, June 29, 2009
Saturday, June 27, 2009
Internet Protocol and IP Addresses Overview
Every machine on the Internet or a private network has a unique identifying number.
This is called an Internet Protocol Address, or IP Address.
To a computer, an IP address would look something like this, 11011000.00011011.00111101.10001001.
The above number is written in binary form but in order to make it easier for people to interact with and remember the IP address, it is translated in decimal form.
In decimal form the above address would look like 216.27.61.137.
Before we move forward, let's define what an octet is.
An octet is a group of 8 digits, usually 1's and 0's that make up part of the IP address. Each IP address has 4 groups of 1's and 0's or 4 octets. Each number represents a bit and of course 8 bits equal a byte.
There are 3 valid classes of IP addresses, Class A, B and C.
The first octet of a class A IP address ranges from 1 to 126. Valid network numbers are from 1.0.0.0 to 126.0.0.0, and the number of networks that are possible in this class is 126 (2^7 - 2). The number of hosts that can belong to each network is 16777214 (2^24 - 2).
The first octet of a class B IP address ranges from 128 to 191. Valid network numbers are from 128.1.0.0 to 191.254.0.0, and the number of networks that are possible in this class is 16382 (2^14 - 2). The number of hosts that can belong to each network is 65534 (2^16 - 2).
The first octet of a class C IP address ranges from 192 to 223. Valid network numbers are from 192.0.1.0 to 223.255.254.0, and the number of networks that are possible in this class is 2097150 (2^21 - 2). The number of hosts that can belong to each network is 254 (2^8 - 2).
Notice that as the number of networks in each class increases, the number of hosts that each of the networks can accommodate decreases. This is because each network has an address of 32 bits or 4 bytes. Each byte is the same as 8 bits or an octet.
In terms of bits and bytes, a class A IP address has an 8 bit network address and a 24 bit host address. A class B IP address has 16 bit network address and 16 bit host address. Finally, a class C IP address has a 24 bit network address and 8 bit host address.
In the above calculations you might have noticed that each calculation is composed of the number 2 to the power of a number not greater than 32 minus 2.
Example:
In order to find out how many networks and hosts are possible for a class A network we perform the following calculations.
First, we know it's a class A network. By definition the network part of the IP address must be 8 bits long, and we also know that an IP address cannot be more than 32 bits long, so 32 - 8 is 24. The host part of the network is 24 bits long. 2^8 - 2 = number of networks, 2^24 - 2 = number of hosts in each network.
Why the - 2?
You must subtract 2 IP addresses from each calculation because 1 is used as the broadcast address and the other as the Network ID.
Normally an IP address is accompanied by a subnet mask. The subnet mask helps a computer determine how many hosts are in the network.
Class A subnet mask is 255.0.0.0.
Class B subnet mask is 255.255.0.0.
Class C subnet mask is 255.255.255.0.
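The classful rules above, worked through in Python as an added example (not code from the original post; the function names are illustrative). It converts the binary form to dotted decimal, picks the class from the first octet, and derives the default mask, network ID, broadcast address and the per-class counts; the network count uses the network bits left after the fixed leading class bits, which gives the 126, 16382 and 2097150 figures listed per class.

```python
# Added example (not from the original post): classful IPv4 arithmetic.
# Per class: (fixed leading class bits, network bits, default subnet mask).
CLASSES = {
    "A": (1, 8, "255.0.0.0"),
    "B": (2, 16, "255.255.0.0"),
    "C": (3, 24, "255.255.255.0"),
}


def binary_to_dotted(binary):
    """Convert '11011000.00011011.00111101.10001001' to '216.27.61.137'."""
    groups = binary.split(".")
    if len(groups) != 4 or any(len(g) != 8 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected four octets of eight binary digits")
    return ".".join(str(int(g, 2)) for g in groups)


def parse_octets(dotted):
    """Return the four octets as integers, rejecting malformed input."""
    parts = dotted.split(".")
    if len(parts) != 4 or not all(p.isdigit() and int(p) <= 255 for p in parts):
        raise ValueError("not a dotted-decimal IPv4 address: %r" % dotted)
    return [int(p) for p in parts]


def address_class(dotted):
    """Class by first-octet range; None for 0, 127 and 224-255."""
    first = parse_octets(dotted)[0]
    if 1 <= first <= 126:
        return "A"
    if 128 <= first <= 191:
        return "B"
    if 192 <= first <= 223:
        return "C"
    return None


def describe(dotted):
    """Default mask, network ID, broadcast address and the two counts."""
    cls = address_class(dotted)
    if cls is None:
        raise ValueError("%s is outside classes A, B and C" % dotted)
    fixed_bits, net_bits, mask = CLASSES[cls]
    pairs = list(zip(parse_octets(dotted), parse_octets(mask)))
    return {
        "class": cls,
        "mask": mask,
        "network_id": ".".join(str(a & m) for a, m in pairs),
        "broadcast": ".".join(str((a & m) | (m ^ 255)) for a, m in pairs),
        # Free network bits = network bits minus the fixed leading class bits.
        "networks": 2 ** (net_bits - fixed_bits) - 2,
        # Minus 2: one address is the network ID, one is the broadcast.
        "hosts_per_network": 2 ** (32 - net_bits) - 2,
    }
```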
Sunday, June 7, 2009
How to Administer a Headless Solaris Server
I only confirmed this with Sun Ultra 5/10 workstations but I'm sure that in some form or another it's true for all Sun workstations and servers.
If, during boot up, a Sun workstation or server does not detect an input device such as a keyboard or mouse, the console will be redirected to COM 1. This is helpful when trying to install Solaris from scratch on a headless server.
A null modem cable and terminal emulation software such as PuTTY are also needed.
Thursday, May 28, 2009
How To Change the Monitor Resolution on Solaris 10
Fbconfig is the utility that you can use to change the monitor resolution on a Solaris 10 workstation.
Typing fbconfig -res \? will yield a list of valid resolutions. Some of them will be marked with a *; these are the resolutions that your monitor does not support.
If you execute the fbconfig command from the console with the wrong parameters, your monitor might become unreadable. All is not lost: ssh into the Solaris 10 box and issue the fbconfig command along with a safe resolution. Most of the time the changes will take place immediately if you issue the "now" option.
fbconfig -res 1152x900x66 try - the system will test the 1152x900x66 resolution for 10 seconds. Ctrl+C will stop the test and revert the changes; typing no at the end of the 10 seconds has the same result.
fbconfig -res 1152x900x66 now - the system will set the resolution to 1152x900x66 without any sort of test. This change cannot be undone without reissuing the fbconfig command along with a safe resolution.
Depending on the type of graphics card, also take a look at m64config and ffbconfig.
Here is the manual...
--------------------------------------------------------
fbconfig [-list] [-dev devname abbreviation][-res video-mode] [-propt] [-prconf] [-help]
-list List installed and configurable frame buffers
Usage:
ffbconfig [-dev devname] [-file machine system ][-res video-mode [now] [noconfirm] [nocheck] [try]][-deflinear true false] [-defoverlay true false][-linearorder first last] [-overlayorder first last][-expvis enable disable] [-sov enable disable][-maxwids n] [-extovl enable disable][-g gamma-correction value] [-gfile filename][-defaults][-propt] [-prconf] [-help]
-dev device to configure. Default: /dev/fbs/ffb0
-file which OWconfig file to update. Default: machine
-res video-mode to set on device.
-res \? will show list of possible video modes.
-deflinear If true, default visual will be linear visual. Default: false.
-defoverlay If true, default visual will be overlay visual. Default: false.
-linearorder If "first", linear visuals will be selected before non-linear visuals. Default: last.
-overlayorder If "first", overlay visual will be selected before non-overlay visual. Default: last.
-expvis If enabled, OpenGL Visual Expansion will be enabled. Default: disabled.
-sov If enabled, Server Overlay Visuals will be available. Default: disabled.
-maxwids number of WIDs to allocate. This option is availble only if extended overlay mode is disabled. Must be between 1 and 64 and an even power of two. Default: 32.
-extovl If enabled, Extended Overlay Mode is enabled. In the Extended Overlay Mode, -maxwid option is not available. Default: enabled.
-g Gamma Correction Value Default: 2.220000.
-gfile Filename of the file containing Gamma Correction Table.
-defaults set all options for specified device back to default values (except for -dev).
-propt print out current option settings.
-prconf print out device hardware configuration.
-help print out this message.
---------------------------------------------------------------
Saturday, May 23, 2009
How to Install a Graphics Adapter on Sun Sparc Systems
Shut down the system.
Install the graphics adapter.
Start the system.
At the EEPROM (OpenBoot) type stop+A.
At the OK prompt type show-displays.
Choose a display - Normally each display will have a letter corresponding to it. (I chose b).
Type setenv output-device ctrl+y - This will set the system to use the new graphics adapter. Control + Y will paste in the graphics adapter's name.
Type reset to restart.
Connect monitor and wait for the system to start up.
Monday, May 18, 2009
Turn Off Keyboard Beep
From Infrequently asked Solaris questions @ http://www.columbia.edu/~rtt2101/iaoq/#I.A1
How do I disable that annoying beep?
Method 1 - /usr/openwin/bin/xset b 0
Method 2 - /usr/openwin/bin/xset b off
Method 3 - /usr/openwin/bin/xset -b
Other Methods:
If you're working with bash insert bell-style none in your ~/.inputrc or /etc/inputrc.
Disconnect the PC speaker.
Sunday, May 10, 2009
Managing Packages on Solaris
pkgadd - transfer software packages to the system.
pkgrm - remove a package from the system.
pkginfo - display software package information.
Looking up the man page for each of those commands will yield further explanation.