Browse archive

Latest news

Information security executives need to be strategic thinkers

U.S. tech companies sharing bug info with U.S. govt before releasing fixes

Facebook, Microsoft and Apple disclose little on U.S. government data requests

Account takeover attempts have nearly doubled

It takes 10 hours to identify a security breach

Guccifer hacks U.S. nuclear security agency chief

British GCHQ spied on G20 delegates to gain advantage in talks

Cisco teams with IBM, Lancope, LogRhythm, Splunk and Symantec

Secure automated archiving from Imation

Red Hat unveils OpenStack certification and solution marketplace

Asia-wide targeted campaign drops backdoor, RAT

ISC-CERT warns about medical devices with hard-coded passwords

Hacking charge stations for electric cars

Log Management in PCI Compliance

by Dr. Anton Chuvakin - GCIA, GCIH, GCFA at LogLogic - Monday, 3 September 2007.

PCI Requirements Center on Security and Authorized Access

Complying with PCI, merchants and service providers not only meet their obligations to the payment system but create a culture of security that benefits everyone, including the top executives. The security requirements of PCI extend to all system components that are connected to the cardholder data environment:

Network components: firewalls, switches, routers, intrusion prevention and detection systems, proxies and content filters, wireless access points as well as other network and security appliances.
Servers: web, database, authentication, domain name service (DNS), mail, network time protocol (NTP), directory and others.
Applications: all purchased and custom apps, internally and externally facing web applications, Intranet applications, etc.

What is even more important is that companies must be able to verify and demonstrate their compliance status and to do so rapidly, whenever an audit takes place. Such proof of compliance is a fundamental and critical function that identifies and corrects potential pitfalls in the network, and ensures that appropriate levels of cardholder information security are maintained.

PCI requirements revolve around the following goals:

Build and maintain a secure network
Protect cardholder data in transit and at rest
Maintain a vulnerability management program
Implement strong access control measures and audit them on a regular basis
Continuously monitor networks and systems
Maintain an information security policy
Maintain audit trails of all of the above activities.

Log data plays a central role in meeting several of these goals. Specifically, without log data, companies cannot verify and audit access controls, other security safeguards and policies or even monitor their networks and systems as well as conduct incident response activities.

The PCI specification highlights the necessity of log data collection and management for meeting the key requirements. For example, Requirement 10 specifies that companies should “track and monitor all access to network resources and cardholder data.” The requirement specifies that companies “implement automated audit trails to reconstruct events for all system components.” These events include user access, actions taken, invalid logical access attempts, use of identification and authentication mechanisms, initialization of audit logs and creation or deletion of system-level objects. It also recommends recording audit trail entries for each event, including user ID, type of event, date and time, success or failure, origination of event, and the identity of the affected data or component.