2012/5/26 Arun Khan knura9@gmail.com:
Hi Eero,
On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen eero.volotinen@iki.fi wrote:
2012/5/25 Arun Khan knura9@gmail.com:
I have a client project to implement PCI/DSS compliance.
The PCI/DSS auditor has stipulated that the web server, application middleware (tomcat), the db server have to be on different systems.
requirement "one primary function per server".
In addition the auditor has also stipulated that there be a NTP server, a "patch" server,
true also.
... snip ...
Thanks for your input on each points in OP. I appreciate it.
Usually you also need to implement a WAF (web application firewall) in front of public web servers.
I think the cheapest solution is to use mod_security*) on Apache and then proxy valid requests to Tomcat.
*) http://www.modsecurity.org/
-- Eero, RHCE, CISSP
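The setup Eero describes, Apache with mod_security acting as a reverse proxy in front of Tomcat, written out as an added example; this is not configuration from the thread or from the ModSecurity project. It assumes an Apache httpd 2.x host on a Red Hat style layout, ModSecurity 2.x with the OWASP Core Rule Set installed under /etc/modsecurity/crs/, and a Tomcat instance on a separate internal host; the hostname, certificate paths, backend address and rule id are placeholders to be replaced.

```apache
# Added example: Apache httpd + ModSecurity reverse-proxying to Tomcat.
# Assumptions (placeholders): shop.example.com, the certificate paths,
# the backend address 10.0.2.10:8080 and rule id 1001 are not from the
# thread; the OWASP CRS is assumed to live under /etc/modsecurity/crs/.

LoadModule security2_module  modules/mod_security2.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

# Never act as a forward (open) proxy; only reverse-proxy configured paths.
ProxyRequests Off

<VirtualHost *:443>
    # Placeholder hostname and certificate paths.
    ServerName shop.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/shop.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/shop.example.com.key

    # Blocking mode. DetectionOnly is useful while tuning the rule set,
    # but the auditor will expect the WAF to actually deny bad requests.
    SecRuleEngine On
    SecRequestBodyAccess On
    SecResponseBodyAccess Off

    # Log only transactions that triggered a rule or returned an error,
    # so there is evidence for incident review without recording the
    # body of every legitimate (possibly cardholder-data) request.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Baseline rule set (assumed installed from the OWASP CRS project).
    Include /etc/modsecurity/crs/crs-setup.conf
    Include /etc/modsecurity/crs/rules/*.conf

    # Site-specific rule: the Tomcat manager console has no business being
    # reachable from the public side. Ids 1-99,999 are reserved for local
    # rules, so 1001 will not collide with the CRS.
    SecRule REQUEST_URI "@beginsWith /manager" \
        "id:1001,phase:1,deny,status:404,log,msg:'Tomcat manager blocked at WAF'"

    # Requests that pass the WAF are forwarded to Tomcat on the internal
    # segment. Tomcat's own HTTP/AJP ports are never exposed to the public
    # network; only this Apache host may reach them (enforce at the firewall).
    ProxyPreserveHost On
    ProxyPass        / http://10.0.2.10:8080/ retry=0
    ProxyPassReverse / http://10.0.2.10:8080/
</VirtualHost>
```

Run `apachectl configtest` after editing, then watch /var/log/httpd/modsec_audit.log while exercising the application: legitimate requests that trip CRS rules show up there and are the ones to whitelist with targeted exclusions rather than by switching the engine back to DetectionOnly.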