
PCI DSS D, 2.0,

2010 . (C) PCI Security Standards Council LLC, 2010 i

1 2008 . 1.2 PCI DSS 1.2

1.1.

28 2010 .

2.0 PCI DSS 2.0.



(PCI DSS):

PCI DSS , .

(PCI DSS):

-

PCI DSS:

-

(PCI DSS):

-

(PCI DSS): -

, 1

(PCI DSS): B

- ,

1

(PCI DSS): C-VT

- ,

1

(PCI DSS):

- ,

1

(PCI DSS): D

-

, 1

1 , , .

:

, , .


: ,

-


( ) D - , A C ( ),

.

- , (

), . -

, .

B - ,

, .

C-VT - , -

C - ,

,

D - , A-C,

, .

D - , A C , ,

. - , D

:

, D, PCI DSS, -

. , , , PCI DSS,

. , , . .


PCI DSS.

PCI DSS

1. PCI DSS.

2. ( ) D ,

.

3. ASV- (ASV

Approved Scanning Vendor) PCI DSS

.

4. .

5. , ASV- - ( - ),

( ).


: D

PCI DSS, . . , .

, , , ( ,

1.2.3, 2.1.1 4.1.1). , 11.1 (

)

, ,

.

, ( 6.3 6.5), ,

.

9.1 9.4 . ,

, , , , .

POS- , , ,

, .

: , , /

. , .


, D, -

- PCI DSS, .

, PCI DSS .

1. - ,

1a.

: :

: :

: . :

, : :

, : : :

URL- :

1b. , ( )

:

:

:

: . :

, : :

, : : :

URL- :

2. - ( ):

( ):

( ):

, , . .,


PCI DSS:

2a.

( , , - , ,

. .)?

-?

2b.

, ?

, , :

PABP/PA-DSS

3. PCI DSS

, D ( ), ( - ) ( ):

. , , , ,

PCI SSC Approved Scanning Vendor (ASV). , ( - ) PCI DSS.

. ,

,

,

PCI SSC Approved Scanning Vendor (ASV). , ( - ) PCI DSS.

.

, , 4 . 4

- , .

3a.

- :


D PCI DSS ( C) .

.

, .

PCI DSS ( ) PCI DSS.

, , 2, CAV2, CVC2, CID, CVV23, - 4

.

3b. -

-

-

-

4.

. - , ,

, , . 4 -

, .

PCI DSS

( )

( )

2 , ( ),

. . , ,

. 3 - , ,

. 4

, PIN- .


PCI DSS (

) (

1

2 ,

3

4

5

6

7

8 ,

9

10

11 , .

12


, D,

PCI DSS, . ,

PCI DSS: .

1. ,

1a. -

: :

: :

: . :

, : :

, : : :

URL- :

1b. , ( )

:

:

:

: . :

, : :

, : : :

URL- :

2. PCI DSS

2a. , PCI DSS ( )

3-D Secure


-

POS-

-

( ):

, , . ., PCI DSS:


2b. - ,

PCI DSS, :

3-D Secure

-

POS-

-

( ):

2c.

( , , - , , . .)?

2d.

, ?

PABP/PA-DSS

, , :

3. PCI DSS

, D ( ), ( ) ( ):

. , , , ,

PCI SSC Approved Scanning Vendor (ASV). , ( ) PCI DSS.


. ,

,

, PCI SSC Approved Scanning Vendor (ASV). , ( )

PCI DSS.

.

, , 4 . 4

- , .


3a.

:

D PCI DSS ( C) .

.

PCI DSS ( ) PCI DSS.

, , 5, CAV2, CVC2, CID, CVV26, - 7

.

3b.

4.

. - , ,

, , . 4 -

, .

5 , ( ),

. . , ,

. 6 - , ,

. 7

, PIN- .


PCI DSS

( )

( )

1

2 ,

3

4

5

6

7

8 ,

9

10

11 , .

12


D

.

PCI DSS PCI DSS.

:

1.

PCI DSS :

*

1.1

, :

1.1.1

?

1.1.2 ( ) ( ,

) ,

?

( ) .

1.1.3 (a)

, DMZ ?

( ) ?

1.1.4 ,

?

1.1.5 (a)

, , ( , HTTP, SSL, SSH, VPN)?

* ( / ) . , ,

( . ).


( ) ,

?

, ?

. , , , FTP, Telnet,

POP3, IMAP SMTP.

1.1.6 (a)

?

( )

?

1.2 ,

?

. , ,

/ , .

1.2.1 (a)

, ?

( ) ,

?

1.2.2

?

1.2.3 ,

, - ?

1.3

?


1.3.1 DMZ

, ,

?

1.3.2 - IP-, DMZ?

1.3.3

?

1.3.4 DMZ ?

1.3.5 ?

1.3.6 , . . ( )?

1.3.7 ( , ), ,

, DMZ ?

1.3.8 (a) , IP-

?

. IP- :

Network Address Translation (NAT);

,

-/

;

, ;

RFC1918 .

( ) IP- ?


1.4 (a) ( ,

), ?

( ) (

)?


2. ,

PCI DSS :

*

2.1 , , ?

, , , SNMP;

.

2.1.1 ,

, :

(a) ?

, - , ,

?

(b) SNMP ?

(c) / ?

( )

?

( ) ,

( )?

2.2 (a) ,

? ,

, SANS, (NIST),

(ISO) (CIS).

(b) ( ) ,

6.2?


(c) ( ) ?

(d) :

2.2.1 (a) (

, ,

)?

( , - , DNS- ).

( ) :

?

2.2.2 (a) , . ., (

, , )?

( ) , ?

, ?

, , SSH, S-FTP, SSL IPSec VPN

NetBIOS, , Telnet, FTP . .

2.2.3 (a) , ,

?

( ) ?

( ) ?

2.2.4 ( ) , , , ,

, - ?

( ) ? ?

( ) ?


2.3 ( ) :

, SSH, VPN SSL/TLS -

.

(a) (

)?

( ) , Telnet

?

( ) - ?

2.4 ,

, ?

. . PCI DSS ( - ) .


3.

PCI DSS :

*

3.1

:

3.1.1 (a) ,

, ?

, X

Y.

( ) ,

, ,

?

( ) ?

( ) , , ?

( )

,

, .

, ,

.

( ) ,

?


3.2 (a) ,

:

, ?

( ) :

, ,

?

( )

( )?

3.2.1 ( ,

, ) ?

, , 1 , 2

.

.

:

;

(PAN);

;

.

.

3.2.2 CVC , ,

( - , ),

?

3.2.3 (PIN), PIN-

?


3.3 PAN ( PAN

6 4)?

.

, PAN.

, , POS- .

3.4 PAN ( ,

) ?

- ( PAN).

( PAN).

One-Time-Pad ( , )

(index tokens).

.

.

PAN. PAN

- ,

, PAN .

3.4.1 ( ),

?

( )

( , )?


( ) ( , ,

)?

( ) ?

.

,

.

3.5 , ,

?

.

, .

, .

3.5.1 ,

?

3.5.2 (a) ?

?

( )

?

3.6 (a)

?

(b) :

, ,

, 3.6.1-3.6.8, ?

(c) ?

3.6.1

.


3.6.2 .

3.6.3 .

3.6.4 , ( , ,

),

( , 800-57 NIST)

.

3.6.5 (a) ( , , )

( , ,

), , .

(b) , .

(c) , .

3.6.6

( , ,

, 2-3 )

? .

( ): , , , .

3.6.7

?

3.6.8 (

), ?


4.

PCI DSS :

*

4.1 (a) , SSL/TLS, SSH IPSEC,

? ,

PCI DSS, , .

(b) ?

(c) , ?

(d) (

)?

(e) SSL/TLS:

URL- HTTPS?

, URL- HTTPS?

4.1.1 ( , IEEE 802.11i)

,

?

. WEP 30

2010 .

4.2 (a) PAN

( , , )?

(b) , PAN

?


5.

PCI DSS :

*

5.1 , ?

5.1.1 ( , ,

, , , , )?

5.2 , :

(a) ?

(b) ?

(c) ?

(d) , 10.7

PCI DSS?

6.

PCI DSS :

*

6.1 (a) ,

?


( ) ?

. ,

. , (

, ) , ,

.

6.2 (a) ? ,

.

. . ,

, 4.0 CVSS; ,

, , .

30 2012 ,

.

( )

?

6.3 (a)

?

(b) ?

(c) PCI DSS ( ,

)?

(d) ?

6.3.1 ,

.


6.3.2 (

)

?

,

.

( . 6.5 PCI DSS).

.

.

. ( ,

) .

, . -

; ,

, 6.6 PCI DSS.

6.4 , ?

6.4.1 ,

, .

6.4.2 ,

.

6.4.3 ( PAN)

.


6.4.4

.

6.4.5 (a) ,

, . . 6.4.5.1

6.4.5.4?

( ) ?

6.4.5.1

.

6.4.5.2

.

6.4.5.3

(a) ,

.

( )

6.5 PCI DSS .

6.4.5.4

.

6.5 (a) ?

( OWASP, SANS CWE Top 25, CERT

.).

(b) ?

(c)

, ?

. , 6.5.1

6.5.9 ,

PCI DSS.

.


6.5.1 , , SQL- . ( ,

, . .).

, LDAP XPath .

6.5.2 . .

6.5.3 . ( ).

6.5.4 . ( ).

6.5.5 . ( ).

6.5.6 ,

, (

6.2 PCI DSS).

. 30 2012

,

.

- ( ) :

6.5.7 (XSS). ( ,

- . .)

6.5.8 ( , ,

URL ). ( .

).

6.5.9 (CSRF). (

).


6.6 - ( )

?

( ):

o

o

o ,

o

o .

-

- .

. , ,

,

.


7.

PCI DSS :

*

7.1 ,

?

7.1.1 ,

?

7.1.2 ?

7.1.3 (

) ?

7.1.4 ?

7.2 ,

, ?

7.2.1 ?

7.2.2 ?

7.2.3 , ?

.

, .


8. ,

PCI DSS :

*

8.1

?

8.2 ,

?

, ( )

, ( - )

, ( )

8.3 ,

( )?

, , RADIUS ;

TACACS , ,

.

.

( . PCI DSS 8.2).

( , ) .

8.4

?

( ) : ?

8.5

, :


8.5.1 , ,

, (

) ?

8.5.2

( , , , )?

8.5.3

?

8.5.4 ?

8.5.5 ( ) , 90

?

8.5.6 ( ) , , ,

?

( ) ,

?

8.5.7 ,

?

8.5.8 , ,

, ( )?

.

.

- .

8.5.9 (a) 90 ?


( ) : ?

, ?

8.5.10 ( ) 7 ?

( ) :

?

8.5.11 (a) , ?

( ) : (a) , ?

8.5.12 ( )

?

( ) :

?

8.5.13 (a) ( )

?

( ) :

(

) ?

8.5.14 30

?

8.5.15 ( , )

15 ?

8.5.16 (a) ,

? ( ,

).


( ) ,

( , , ) ( ,

)?

( ) ?

( ) (

)?


9.

PCI DSS :

*

9.1 ,

, , ?

9.1.1 (a) , ?

. , ,

, ,

. POS- ,

.

(b) ?

(c) , , ?

3 ( )?

9.1.2 ? ( ,

, ).

?

9.1.3 , , , /

?


9.2 , ?

, , ,

, , .

, ,

, , ,

.

(a) :

(b) ?

( ) ,

?

9.3 :

9.3.1 ,

?

9.3.2 ( ) ( ,

), ?

( ) ?

9.3.3

?

9.4 (a) ,

,

?


(b) , ,

, ? ?

9.5 (a) ( ),

, ?

( ) ?

9.6 ( ,

, , , )?

, .

9.7 (a)

?

(b) ?

9.7.1

?

9.7.2 , ?

9.8 , ,

(

)?

9.9 ?

9.9.1

? ?


9.10 , ,

- ?

?

9.10.1 (a) ,

, ?

( ) ,

, ? ( ,

, , ?)

9.10.2 ,

?


10.

PCI DSS :

*

10.1 (

), ?

10.2 ?

10.2.1 .

10.2.2 , .

10.2.3 .

10.2.4 .

10.2.5 .

10.2.6 .

10.2.7 .

10.3 ?

10.3.1 .

10.3.2 .

10.3.3 .

10.3.4 .

10.3.5 .

10.3.6 , , .


10.4 (a) ?

?

. (Network Time

Protocol).

( ) , ?

10.4.1 (a)

, (International

Atomic Time) (UTC)?

( ) ,

?

10.4.2 ?

(a) , ?

( ) , ?

10.4.3 ?

( ).

, IP- ,

( ).

10.5 ?

10.5.1 ,

?


10.5.2 ,

?

10.5.3

, ?

10.5.4 , ( , , DNS,

)

, ?

10.5.5

( )?

10.6 ?

?

(IDS) , , ( , RADIUS).

. 10.6

, .

10.7 (a) ,

?

( ) ?

3 ?

11. ,

PCI DSS :

*


11.1 ( )

?

.

, , ,

, (NAC) IDS/IPS.

,

.

( )

, , , :

WLAN, ;

( , USB . .);

?

( )

?

( ) ( , IDS/IPS,

. .), ?

( ) ( 12.9)

?


11.2 ,

( , ,

, , )?

. PCI DSS

, : 1) , 2)

, 3)

. ,

PCI DSS, .

11.2.1 (a) ?

( )

, 6.2 PCI DSS?

( )

? , ,

( QSA ASV )?

11.2.2 (a) ?

( )

ASV- (ASV Program Guide) ( ,

4.0 (CVSS),

)?


( )

(ASV), PCI SSC?

11.2.3 (a)

, ( ,

, , , )?

.

.

( )

:

4.0 (CVSS);

, ,

, 6.2 PCI DSS.

( )

? , ,

( QSA ASV )?

11.3 (a) ,

( , , ,

- )?

(b) ?

(c)

? , ,

( QSA ASV )?


:

11.3.1 .

. , ,

.

11.3.2 .

. , , ,

6.5 PCI DSS.

11.4 (a)

?

(b) IDS / IPS ?

(c)

?

11.5 (a) ?

, :

;

;

;

,

, .


(b)

, ?

? .

, ,

.

, , .

, , ( . . -

).


12.

PCI DSS :

*

12.1 , ,

?

, , ,

, ,

.

12.1.1 PCI DSS?

12.1.2 (a) ,

,

?

( , , OCTAVE, ISO 27005 NIST SP 800-

30).

( ) ?

12.1.3 , ,

- ?

12.2 ,

( , , )?


12.3 ( ,

, , , , ,

), ?

?

12.3.1 .

12.3.2 .

12.3.3 , .

12.3.4 , ,

.

12.3.5 .

12.3.6 .

12.3.7 .

12.3.8 .

12.3.9

.

12.3.10 ( ) , :

, ,

,

?

( ) :

PCI DSS?

12.4 ,

?


12.5

, ?

:

12.5.1 , .

12.5.2 , ,

.

12.5.3 ,

, ?

12.5.4 , , .

12.5.5 .

12.6 (a)

?

( ) ?

12.6.1

( , , , ,

)?

.

.

, ,

?


12.6.2

?

12.7 ? (

, , ,

).

. , , , ,

, .

12.8 , ,

?

12.8.1 ?

12.8.2 ,

?

12.8.3

?

12.8.4 PCI DSS?

12.9

?

12.9.1 (a) ,

?

(b) :

, , , ,

;

;

;


;

;

;

.

12.9.2 ?

12.9.3 , 24/7?

12.9.4 , , ?

12.9.5

, ?

12.9.6

?


. PCI DSS

A.1.

PCI DSS :

*

A.1 ( . . - , ),

A.1.1 A.1.4:

- , PCI DSS.

. - PCI DSS, ,

, , .

PCI DSS.

A.1.1 ?

?

:

, - .

CGI- , ,

.

A.1.2 ?

(a) / ?


( ) , ? (

, , chroot, jailshell . .)

. .

( ) ?

( ) ?

( ) ?

,

( , ,

).

A.1.3

10 PCI DSS?

( - ):

?

?

, ?

?

A.1.4 ,

?


.

PCI DSS ,

- , , , .

:

1. , PCI DSS.

2. , PCI DSS, , . ( . PCI DSS:

PCI DSS.)

3. . ( PCI DSS

).

:

.

) ), , . .

,

. , .

a) PCI DSS , . ,

, . PCI DSS,

, . ., ,

. , PCI DSS , ( ).

b) PCI DSS , . , ,

.

,

. : 1)

; 2) .

c) PCI DSS . ,

3.4 ( , ),

, , 1) ; 2) IP- MAC- ; 3)

.

4. , PCI DSS;

, , , ,


PCI DSS. ,

, .


.

,

.

. , , .

:

1.

,

.

2.

.

3.

,

.

4.

,

, (

).

5.

,

.

6.

,

.


,

.

: 8.1

?

1.

,

.

XYZ Unix- LDAP-

. ,

( root ).

root

.

2.

. .

- ,

. - , ,

.

3.

,

.

,

.

4.

,

,

( ).

SU .

, ,

. ,

SU.

5.

,

.

XYZ , SU

, ,

,

root.

6.

, XYZ ,

SU


. root

.


.

/

,

, .

,

.

9.3.1

, .