[Owasp-pci-project] What is the definition of...

McGovern, James F (HTSC, IT) James.McGovern at thehartford.com
Wed Aug 26 13:31:00 EDT 2009


Could you expand on "1 primary function per server" in the scenario of:
 
- 1 OS running multiple instances of a database (all storing PCI stuff)
- 1 OS running multiple instances of a database partitioned via either
solaris containers or chroot where the root OS and PCI instances are in
a different jail. Assume that PCI and non-PCI traffic exits out of
different NICs and that the non-PCI instances couldn't even route/sniff
traffic on the PCI side.

________________________________

From: Ralph Durkee [mailto:rd at rd1.net] 
Sent: Wednesday, August 26, 2009 12:34 PM
To: McGovern, James F (HTSC, IT)
Cc: <owasp-pci-project at lists.owasp.org>
Subject: Re: [Owasp-pci-project] What is the definition of...




On Aug 26, 2009, at 11:30 AM, "McGovern, James F (HTSC, IT)"
<James.McGovern at thehartford.com> wrote:



	Can one use Solaris Containers as a component of segmentation? 

No, if it's the net segmentation between db & mid/web tier.  
Yes, if it used to meet other 1 primary function per server requirements
also should they have seperate network interfaces. Physical preferred ,
logical ok.
Obviosly the sharing of resources between the containers has to be
reviewed too. 

 

	What about chroot on Linux? 

No.

--Ralph Durkee 


	************************************************************s
	This communication, includingo attachments, is for the exclusive
use of addressee and may contain proprietary, confidential and/or
privileged information.  If you are not the intended recipient, any use,
copying, disclosure, dissemination or distribution is strictly
prohibited.  If you are not the intended recipient, please notify the
sender immediately by return e-mail, delete this communication and
destroy all copies.
	************************************************************

	_______________________________________________
	Owasp-pci-project mailing list
	Owasp-pci-project at lists.owasp.org
	https://lists.owasp.org/mailman/listinfo/owasp-pci-project
	

************************************************************
This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential and/or privileged information.  If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited.  If you are not the intended recipient, please notify the sender immediately by return e-mail, delete this communication and destroy all copies.
************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-pci-project/attachments/20090826/280f5ea1/attachment.html 


More information about the Owasp-pci-project mailing list