[PCI-DSS] Requirement 2: Do not use vendor-supplied defaults for system passwords and other security - PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum

		PCI DSS FAQ - Payment Card Industry (PCI) Data Security Standard Discussion Forum > Payment Card Industry Data Security Standard Frequently Asked Questions (PCI DSS FAQ) > Build and Maintain a Secure Network
[PCI-DSS] Requirement 2: Do not use vendor-supplied defaults for system passwords and other security

[PCI-DSS] Requirement 2: Do not use vendor-supplied defaults for system passwords and other security Hackers (external and internal to a company) often use vendor default passwords and other vendor default settings to compromise systems. These passwords and settings are well known in hacker communities and easily determined via public information.

Threads in Forum : [PCI-DSS] Requirement 2: Do not use vendor-supplied defaults for system passwords and other security

Forum Tools

Search this Forum

Rating Thread / Thread Starter	Last Post	Replies	Views
[PCI-DSS] 2.1 Always change vendor-supplied defaults before installing a system on the network—for example, include passwords, simple network management protocol (SNMP) community strings, and elimination of unnecessary accounts. admin	03-18-2007 02:48 AM by admin	0	790
[PCI-DSS] 2.1.1 For wireless environments connected to the cardholder data environment or transmitting cardholder data, change wireless vendor defaults, including but not limited to default wireless encryption keys, passwords, and SNMP community strings. Ensure wireless device security settings are enabled for strong encryption technology for authentication and transmission. admin	03-18-2007 02:49 AM by admin	0	740
[PCI-DSS] 2.2 Develop configuration standards for all system components. Assure that these standards address all known security vulnerabilities and are consistent with industry-accepted system hardening standards. admin	03-18-2007 02:49 AM by admin	0	1,042
[PCI-DSS] 2.2.1 Implement only one primary function per server. admin	05-30-2010 08:11 AM by Roger Nebel	7	1,979
[PCI-DSS] 2.2.2 Disable all unnecessary and insecure services and protocols (services and protocols not directly needed to perform the device’s specified function). admin	03-18-2007 02:50 AM by admin	0	695
[PCI-DSS] 2.2.3 Configure system security parameters to prevent misuse. admin	03-18-2007 02:50 AM by admin	0	701
[PCI-DSS] 2.2.4 Remove all unnecessary functionality, such as scripts, drivers, features, subsystems, file systems, and unnecessary web servers. admin	03-18-2007 02:50 AM by admin	0	692
[PCI-DSS] 2.3 Encrypt all non-console administrative access. Use technologies such as SSH, VPN, or SSL/TLS for web-based management and other non-console administrative access. admin	03-18-2007 02:51 AM by admin	0	1,580
[PCI-DSS] 2.4 Shared hosting providers must protect each entity’s hosted environment and cardholder data. These providers must meet specific requirements as detailed in Appendix A: Additional PCI DSS Requirements for Shared Hosting Providers. admin	03-18-2007 02:51 AM by admin	0	2,101

Forum Tools	Search this Forum
Mark This Forum Read View Parent Forum	Search this Forum : Advanced Search

	New posts		Hot thread with new posts
	No new posts		Hot thread with no new posts
	Thread is closed

Posting Rules
You may not post new threads You may not post replies You may not post attachments You may not edit your posts BB code is On Smilies are On [IMG] code is On HTML code is Off Forum Rules

All times are GMT -4. The time now is 08:31 AM.