[Snort-users] Using snort in an PCI DSS environment
jlay at ...13475...
Wed Nov 20 09:50:56 EST 2013
On 2013-11-20 07:03, elof at ...6680... wrote:
> Anyone here using a snort sensor in a PCI environment?
> I'm wondering about PCI compliance regarding logging of potential
> Say I have a snort sensor in a PCI environment.
> Nothing in the sensor is configured to detect and log card numbers on
> purpose. Only normal IDS-rules are enabled.
> Does PCI still force me to encrypt the hard drive just because there is a
> possibility that a card number *could* accidentally be logged?
> What does your QSA say?
> Yes, the sensor's HDD is in scope and must be encrypted.
> No, a few potential card numbers, logged by accident, do not count.
> It's like saying you need to encrypt your mailserver's hard drive just
> because someone can e-mail you card numbers even though you haven't
> for them.

    preprocessor sensitive_data: mask_output

to your snort.conf will make the logs compliant as this X's out all but
the last four, and will make your QSA happy.
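
A check one could run over a sensor's text logs to confirm that no full card number remains in them, with masking to the last four digits as described above. This is an added example, not part of the original post; the log lines are constructed and 4111 1111 1111 1111 is the widely used test number.

```python
import re

# Candidate card number: 13-19 digits, optionally split by single spaces or
# dashes, and not adjacent to other digits or to masking characters (X/x).
CANDIDATE = re.compile(r"(?<![\dXx])\d(?:[ -]?\d){12,18}(?![\dXx])")


def luhn_ok(digits):
    """Luhn checksum: filters out most digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """X out all but the last four digits."""
    return "X" * (len(digits) - 4) + digits[-4:]


def find_unmasked(lines):
    """Return (line_number, masked_value) for each full, Luhn-valid number."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in CANDIDATE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group())
            if luhn_ok(digits):
                hits.append((n, mask(digits)))  # never echo the full number
    return hits


# Constructed sample log lines (not real sensor output).
SAMPLE = [
    "11/20-09:50:56.000000 [**] [1:1000001:1] constructed alert [**] {TCP}",
    "payload: card=4111 1111 1111 1111&exp=1215",
    "payload: card=XXXXXXXXXXXX1111",
    "payload: order=1234567890123456",
]

if __name__ == "__main__":
    for line_no, masked in find_unmasked(SAMPLE):
        print(f"line {line_no}: unmasked card number found ({masked})")
```
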