2012/5/26 Arun Khan <knu...@gmail.com>:
> Hi Eero,
>
> On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen <eero.voloti...@iki.fi> wrote:
>> 2012/5/25 Arun Khan <knu...@gmail.com>:
>>> I have a client project to implement PCI/DSS compliance.
>>>
>>> The PCI/DSS auditor has stipulated that the web server, application
>>> middleware (tomcat), the db server have to be on different systems.
>>
>> requirement "one primary function per server".
>>
>>> In addition the auditor has also stipulated that there be a NTP
>>> server, a "patch" server,
>>
>> true also.
>
> ... snip ...
>
>
> Thanks for your input on each point in the OP. I appreciate it.

Usually you also need to implement a WAF (web application firewall) in
front of public web servers.

I think the cheapest solution is to use mod_security*) on Apache and then
proxy valid requests to Tomcat.

*) http://www.modsecurity.org/


--
Eero, RHCE, CISSP
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
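
The layout suggested in the message above (Apache with mod_security in front, Tomcat behind it on its own host), sketched as an added example that is not part of the original thread. The host names, port, file paths and the rule id are assumptions chosen for illustration.

```apache
# Added example: Apache as a WAF-enabled reverse proxy in front of Tomcat.
# Module paths follow the usual CentOS httpd layout (assumption).
LoadModule unique_id_module  modules/mod_unique_id.so
LoadModule security2_module  modules/mod_security2.so
LoadModule proxy_module      modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ssl_module        modules/mod_ssl.so

<IfModule security2_module>
    # "DetectionOnly" only logs matches; "On" is what makes the WAF block.
    SecRuleEngine On
    # Inspect POST bodies, not only the request line and headers.
    SecRequestBodyAccess On
    # Log only transactions that triggered a rule or ended in an error.
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Rule set location is an assumption (wherever the rules are installed).
    Include modsecurity.d/*.conf

    # Local rule (hypothetical id): refuse methods the application never uses.
    SecRule REQUEST_METHOD "!^(GET|HEAD|POST)$" \
        "id:1000001,phase:1,deny,status:405,log,msg:'HTTP method not allowed'"
</IfModule>

<VirtualHost *:443>
    # www.example.com and the certificate paths are placeholders.
    ServerName www.example.com
    SSLEngine on
    SSLCertificateFile    /etc/pki/tls/certs/www.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key

    # Reverse proxy only; never act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Requests that pass the rules above are forwarded to Tomcat on its own
    # host (tomcat.internal.example:8080 is a placeholder).
    ProxyPass        / http://tomcat.internal.example:8080/
    ProxyPassReverse / http://tomcat.internal.example:8080/
</VirtualHost>
```

With this layout Tomcat should accept connections only from the proxy host, so that requests cannot bypass the WAF.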
