ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
    • DDoSX®
    • Web Application Firewall
    • Threat Monitoring and Threat Response
      • General Information and FAQs
      • How does it work?
      • System Requirements
      • Getting Started
      • Installing on a UKFast hosted server
      • Installing on a non-UKFast hosted server
      • PCI DSS Compliance
      • Alerts and rulesets
      • Attack Ruleset
      • High Level Alerts Explained
      • Alert Remediation Tips
      • Common Attacks
      • Databases
      • Exploits
      • File Monitoring (FIM)
      • Malware
      • Service Specific Alerts
      • System
      • Windows
      • Scans and Reconnaissance
    • McAfee Antivirus
    • Vulnerability Scans
    • ANS MDR
    • Keeping Magento secure
    • Keeping WordPress secure
    • Brute Force Attacks
    • CryptoLocker
    • Dirty COW
    • The Logjam attack
    • Meltdown and Spectre
    • Memcached security concerns and reflection/amplification DDoS attacks
    • Wana Decryptor / Wana Decrypt0r 2.0 / WannaCry
    • Log4J Vulnerability
    • Polkit Security Vulnerability CVE-2021-4034
    • CVE-2022-0847 - Dirty Pipe Vulnerability
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Security >
  • Threat Monitoring and Threat Response >
  • PCI DSS Compliance

PCI DSS Compliance¶

Built with PCI DSS in mind, UKFast’s Threat Monitoring can be used to bring your server up to standard with many of the criteria required to achieve PCI DSS compliance. Utilising baseline and vulnerability scanning tools, coupled with advanced Intrusion detection systems and log collection, Threat Monitoring can secure your server against threats and ensure a secure baseline is achieved, in accordance with PCI DSS.

UKFast’s Threat Monitoring can cover the following PCI DSS controls.

Control 2: Do not use vendor-supplied defaults for system passwords and other security parameters¶

Through the use of Threat Monitoring System Audit scanning, default credentials for many applications and services can be easily detected, prompting an alert for the credentials to be changed. Additionally, server security scanning can be used to determine insecure server configurations to further enhance security.

We support default credential scans for many web applications, local packages, databases and administration tools. We can also run system audit scans that will interrogate your server’s configuration against a UKFast approved PCI DSS 3.2 baseline.

Control 5: Use and regularly update anti-virus software or programs¶

Threat Monitoring can integrate closely with common Anti Virus services like McAfee AV and ClamAV to provide real-time alerts on detected items. Additionally, the UKFast Security team can assist in setting up real-time on-access malware scanning and scheduled malware scans for your solution.

Taking scanning to the next level, Threat Monitoring ties in closely with industry recognised rootkit scanners to detect even the most deceptive malware, including many rootkits, trojans and system backdoors. With the assistance of a UKFast security professional, these scans can be set up to run on a schedule and alerts set up for detection events.

Control 6: Develop and maintain secure systems and applications (Partial)¶

Partially covering control 6, Threat Monitoring can assist with protecting against attacks to your application’s code where applicable. Web-based applications can be protected against common web attacks, such as SQL Injections, CSS, PHP Remote file inclusion and much more, more on this can be found in our web attacks section.

UKFast’s security specialist can also work closely with you to implement compensating controls where applicable to further secure your applications for threats, such as IP allow listing, user-agent blocklisting and HTTP authentication.

File Integrity Monitoring can also be applied to critical application files, ensuring that unauthorised changes don’t go unnoticed. BY placing File Integrity Monitoring (FIM) on critical files, such as payment gateway files, admin login directories and configuration files, you will receive an alert should any changes acquire.

In addition, audit information can be applied to track what had changed in files, the user that changed the file and what process was used to make the changes, adding an audit trail for investigations.

Control 10: Track and monitor all access to network resources and cardholder data¶

Through the use of a lightweight software agent, Threat monitoring can capture your server’s log in realtime and securely send them to our enterprise-grade log interrogation infrastructure for analysis and storage. These logs are interrogated for incoming threats and automated actions are triggered to block attacks as they happen and send real-time alerts.

Threat Monitoring IP blocking allows attacks to be mitigated in real-time, stopping common attacks in their tracks and adding defensive capabilities to further improve on PCI DSS requirements.

In accordance with PCI DSS, these logs can be readily accessed for up to 3 months, and are archived for a further 9 months, providing up to 12 months of logs available upon request.

Control 11: Regularly test security systems and processes¶

Unofficial external and internal vulnerability scans can be run through the Threat Monitoring MyUKFast dashboard, easily providing a way to hunt down server and application vulnerabilities, outdated software and insecure configurations on your infrastructure in preparation for running a vulnerability scan from an approved scanning vendor to achieve PCI compliance. These scans are provided in a report that can be easily used to reference PCI DSS for internal audits, utilising a regularly updated list of industry recognised CVE numbers and scores. (Please note UKFgast is currently not an ASV, and cannot provide official PCI DSS vulnerability scans to achieve compliance, all scans are for test purposes only)

The additional product, our Threat Response service allows regular updating and patching to be offloaded to our security engineers, utilise their expertise to manage regular software updates and applying security pates for items found in vulnerability scans and critical CVEs as they are released.

References and Credit:

https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security

Icons made by itim2101

Next Article > Alerts and rulesets

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ