[Snort-users] Using snort in an PCI DSS environment

elof at ...6680... elof at ...6680...
Wed Nov 20 09:03:47 EST 2013


Anyone here using a snort sensor in an PCI environment?

I'm wondering about PCI compliance regarding logging of potential card 
numbers...


Say I have a snort sensor in a PCI environment.
Nothing in the sensor is configured to detect and log card numbers on 
purpose. Only normal IDS-rules are enabled.

Do PCI still force me to encrypt the harddrive just because there is a 
possibility that a card number *could* accidentally be logged?


What do your QSA say?

Yes, the sensor's HDD is in scope and must be encrypted.

or

No, a few potential card numbers, logged by accident, does not count. 
It's like saying you need to encrypt your mailserver's harddrive just 
because someone can e-mail you card numbers even though you haven't asked 
for them.

/Elof




More information about the Snort-users mailing list