PCI Compliance Information and News
Welcome to the PCICompliance website. Our goal is to provide news and information on the way PCI DSS regulations affect credit companies, web site operators and those concerned with protecting data integrity under PCI DSS regulations.
 
Leaving Critical Servers Accessible from the Internet PDF Print E-mail
Tuesday, 10 June 2008 09:45

Security Mistake #3: Leaving Critical Servers Accessible from the Internet

The problem, then, is most VPN clients, especially those that are web-based, don't do any kind of security check. Those that do, often only perform an initial, limited test when the end-user is first connected. This test normally checks for confirmation that firewall or anti-virus software is installed. What happens if a user is connected to the VPN and the virus scanner is suddenly disabled?
Read more...
 
Two-Factor Authentication Without Tokens: PhoneFactor PDF Print E-mail
Monday, 09 June 2008 15:00
For most companies, information security is a top priority. Demand for protecting data and employee confidentiality is only continuing to grow, especially in industries that require a regulatory-compliant environment. However, applying usernames and passwords for authentication is insufficient. While two-factor authentication is an effective security solution, traditional token-based systems have been difficult to implement and administer, leading to limited adoption. PhoneFactor, a new product from Positive Networks, uses any mobile phone (or traditional phone) as the second authentication factor. Users do not need to carry an additional device, and there are no expensive tokens to manage. During login, PhoneFactor makes a call to the user’s phone, confirming the authentication. This second factor - the possession of the phone itself - adds a significant additional layer of security. PhoneFactor can be set up in hours without the purchase of any hardware.
Read more...
 
PhoneFactor Adds Phone-based Two-Factor Authentication for Microsoft Terminal Services PDF Print E-mail
Monday, 09 June 2008 18:00

Authentication Service Gives Administrators and End Users of Terminal Services a New Phone-Based Two-Factor Authentication Option

Positive Networks, a leading provider of security products and services, today announced a new version of PhoneFactor for use with Microsoft Terminal Services. PhoneFactor turns any phone into an authentication device and has been optimized to provide secure two-factor authentication for access to computers using Terminal Services, which enables millions of people to run applications over a network or to manage servers.
Read more...
 
 

PCI DSS News