RUM Security FAQ “Can RUM meet PCI DSS requirements?” − PCI: Do not use vendor-supplied defaults for system passwords and other security parameter Change.


1 RUM Security FAQ
“Can RUM meet PCI DSS requirements?”
− PCI: Do not use vendor-supplied defaults for system passwords and other security parameters
  Change the RUM and BAC default passwords to comply with this requirement.
− PCI: Protect stored cardholder data
  Strip the cardholder data out entirely from the session so it is never stored in RUM.
  If the data is stored in RUM, secure access through unique user IDs and passwords, and harden the OS and database using industry standards.
  Data transmission is always encrypted via SSL using HTTPS or SSH.
  RUM has made virtual access controllable by physical location via network filtering capabilities associated with replay and raw data access.
− Other PCI requirements can be met using IT processes such as virus protection, intrusion detection, an information security policy and industry-standard security practices.

2 RUM Security FAQ
“Can RUM meet HIPAA requirements?”
RUM can be configured in a secure manner that meets HIPAA requirements:
− Encryption for all data in transit via SSL using HTTPS or SSH
− In-memory HTTP parameter data masking and cleansing at the probe
− User- and role-based visibility controls limit who can see what data
− Data granularity control by user to set who can see individual or aggregate data
− Ability to selectively disable data depth and collection by application and user
− VPN compatible
− Listen-only interfaces

3 RUM Security FAQ “Can RUM transmit customer data across the network using encryption?” Secure Encrypted Connections

4 RUM Security FAQ
“Can we control who would have access to customer data in our environment based on a business need to know?”
BAC provides individual user management controls to assign permissions for RUM:
− Access control for RUM Engines
− Access controls for RUM Engine settings by Engine Instance
− Domains under RUM Engine Instances
− RUM Applications in BAC
− RUM Alerts
− RUM Reports

5 RUM Security FAQ
“Will RUM expose user IDs and Passwords along with other sensitive data?”
RUM can and should be configured to mask any sensitive data.
How does it work...

6 RUM Security FAQ
Masking Sensitive Data in RUM
− The probe gets raw traffic from the tap or span port, decrypting the data first if required, then parsing the content.
− The probe then masks or removes the sensitive HTTP parameter data you define via the interface or regular expressions.
− HTTP parameter data cleansing happens in memory, so nothing sensitive is written to disk where it could be compromised.
− Next, components are assembled to form one logical page.
− Finally, the pages are arranged into one logical user session before being written to a secure file system on the RUM Engine for collection.

7 RUM Security FAQ
Defining Sensitive Data Settings
− Enter HTTP parameters to either omit or include selected data.
− You can configure RUM to mask all URL parameters.

8 RUM Security FAQ
Masking URL Parameters
To enable masking of all URL parameters except for those configured as sensitive data in an application:
In the \conf\configurationmanager\Beatbox_Default_Const_Configuration.xml file on the RUM engine, under the [global] section, add the following line:
    reverse_omit_parameters true
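
The masking behaviour described on slides 6 to 8, sketched in Python as an added example. It is not RUM's own code and does not come from the presentation; the function name `mask_url`, the `MASK` value, the card-number pattern and the sample URL are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

MASK = "****"  # constructed placeholder written in place of a sensitive value


def mask_url(url, configured_names=(), value_patterns=(), reverse=False):
    """Return url with sensitive query-parameter values replaced by MASK.

    reverse=False: mask the parameters named in configured_names.
    reverse=True:  mask every parameter except those in configured_names,
                   the behaviour slide 8 describes for reverse_omit_parameters.
    In both modes a value matching any regex in value_patterns is masked
    (applying patterns in reverse mode is an assumption of this sketch).
    """
    names = {n.lower() for n in configured_names}  # names compared case-insensitively
    patterns = [re.compile(p) for p in value_patterns]
    parts = urlsplit(url)
    cleaned = []
    # keep_blank_values so "token=" is not silently dropped from the record
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        listed = name.lower() in names
        hide = (not listed) if reverse else listed
        hide = hide or any(p.search(value) for p in patterns)
        cleaned.append((name, MASK if hide else value))
    # safe="*" keeps the mask readable instead of percent-encoding it
    return urlunsplit(parts._replace(query=urlencode(cleaned, safe="*")))


# Constructed sample request line, not captured traffic.
SAMPLE = ("https://shop.example/checkout"
          "?user=alice&password=hunter2&card=4111111111111111&page=2")
CARD_LIKE = r"^\d{13,19}$"  # hypothetical pattern for card-number-shaped values

if __name__ == "__main__":
    # Cleansing happens on the in-memory string; only the result is persisted.
    print(mask_url(SAMPLE, ["password"], [CARD_LIKE]))
    print(mask_url(SAMPLE, ["page"], reverse=True))
```

In reverse mode a parameter that was never anticipated is masked by default, whereas list-based masking only covers the names someone remembered to configure.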

