PCI Compliance

PCI DSS Compliant

All servers run by SiteWizard Ltd for the SiteWizard and ShopWizard systems are fully PCI compliant.

It has come to our attention that people are paying for PCI Compliance checks and, often, not getting value for money. A simple automated tool is run that produces a long report, most of which is erroneous or misleading when applied to Red Hat or CentOS operating systems that are regularly updated.

We use CentOS Linux, which is developed from Red Hat Enterprise, and security patches are applied nightly using yum (the command 'yum -y update' is run from the root crontab).

PCI Compliance scanners that fail to understand the importance of backporting security patches will inevitably throw up many false positives.

Red Hat have this to say about backporting and security (and exactly the same applies to CentOS Linux):

"...some security scanning and auditing tools make decisions about vulnerabilities based solely on the version number of components they find. This results in false positives as the tools do not take into account backported security fixes."
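One way to check a version-based scanner finding against backported fixes, as an added example (not SiteWizard's or Red Hat's code): Red Hat and CentOS packages name the CVE identifiers they fix in the RPM changelog, which `rpm -q --changelog <package>` prints. The changelog text, package name and CVE identifiers below are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Constructed changelog in the layout printed by
# `rpm -q --changelog <package>` (newest entry first); CVE ids are placeholders.
sample_changelog() {
cat <<'EOF'
* Tue Jan 02 2018 Example Packager <pkg@example.invalid> - 1.0.1e-58
- fix CVE-0000-11110 - constructed entry

* Mon Jun 05 2017 Example Packager <pkg@example.invalid> - 1.0.1e-57
- fix CVE-0000-1111 - constructed entry for a backported fix
- fix CVE-0000-2222 - constructed entry

* Wed Mar 01 2017 Example Packager <pkg@example.invalid> - 1.0.1e-56
- rebuild
EOF
}

# cve_fixed_in CVE-ID: read a changelog on stdin and print the oldest
# version-release whose entry names the CVE. Exit status 1 if it is never named.
cve_fixed_in() {
    awk -v cve="$1" '
        /^\* / { rel = $NF }                     # entry header ends in version-release
        $0 ~ (cve "([^0-9]|$)") { hit = rel }    # whole id only, not a longer id
        END { if (hit == "") exit 1; print hit }
    '
}

# triage PACKAGE CVE-ID: classify one scanner finding from the changelog on stdin.
triage() {
    if rel=$(cve_fixed_in "$2"); then
        echo "$1 $2 BACKPORTED fix listed since $rel"
    else
        echo "$1 $2 REVIEW not in changelog, check the vendor advisory"
    fi
}

# On a live host: rpm -q --changelog <package> | triage <package> <CVE-ID>
sample_changelog | triage examplepkg CVE-0000-1111
sample_changelog | triage examplepkg CVE-0000-9999
```

A REVIEW result only means the installed package's changelog does not name the identifier; the vendor's advisory for that CVE remains the authority.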

Open Port Issues

A simple "vulnerability scan" can throw false positives when scanning for open ports. We have some services enabled on our servers which are discovered by PCI Compliance scanning but are NOT OPEN TO PUBLIC ATTACK. Ports such as 21 (FTP) and 3306 (MySQL) are ONLY open on our servers to the IP addresses we have specified (our office IP addresses). This means there is NO SECURITY risk from these ports, despite showing up in a simple scan.

SiteWizard : Lyndean House : 30 - 34 Albion Place : Maidstone : Kent : ME14 5DZ Tel No.08450 60 88 60 : Fax No.08450 60 88 61
1996- www.SiteWizard.co.uk - SiteWizard is a Registered Trademark (Patent Pending)
Company Registration Number 03454062. Registered in England. VAT Number 683830804.

