2012/5/26 Arun Khan <knura9@xxxxxxxxx>:
> Hi Eero,
>
> On Sat, May 26, 2012 at 1:12 AM, Eero Volotinen <eero.volotinen@xxxxxx> wrote:
>> 2012/5/25 Arun Khan <knura9@xxxxxxxxx>:
>>> I have a client project to implement PCI/DSS compliance.
>>>
>>> The PCI/DSS auditor has stipulated that the web server, application
>>> middleware (tomcat), the db server have to be on different systems.
>>
>> requirement "one primary function per server".
>>
>>> In addition the auditor has also stipulated that there be an NTP
>>> server, a "patch" server,
>>
>> true also.
>
> ... snip ...
>
>
> Thanks for your input on each point in the OP. I appreciate it.

Usually you also need to implement a WAF (web application firewall) in
front of public webservers.

I think the cheapest solution is to use mod_security*) on apache and then
proxy valid requests to tomcat.

*) http://www.modsecurity.org/

--
Eero, RHCE, CISSP
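
The layout suggested in the reply above (mod_security on Apache, proxying accepted requests to Tomcat), sketched as an added example that is not part of the original message. It assumes ModSecurity 2.x with mod_proxy and mod_proxy_http already loaded; the server name, backend address 192.0.2.10:8080, log path and rule id are constructed placeholders.

```apache
# Added example: Apache as a filtering reverse proxy in front of Tomcat.
# All names, addresses, paths and the rule id below are constructed placeholders.
#
# No <IfModule security2_module> wrapper is used on purpose: if the WAF module
# is not loaded, Apache refuses to start instead of proxying unfiltered traffic.
# TLS configuration is omitted here.
<VirtualHost *:80>
    ServerName www.example.com

    # Enforce rules. "DetectionOnly" would log matches without blocking,
    # which is useful while tuning but does not protect the backend.
    SecRuleEngine On

    # Inspect request bodies (form posts, uploads) as well as headers and URLs.
    SecRequestBodyAccess On

    # Record only transactions that triggered a rule or ended in an error,
    # so the audit log stays reviewable.
    SecAuditEngine RelevantOnly
    SecAuditLogType Serial
    SecAuditLog /var/log/httpd/modsec_audit.log

    # Constructed sample rule: reject HTTP methods the application does not
    # need before anything is forwarded. A real deployment would load a
    # maintained rule set in addition to local rules like this one.
    SecRule REQUEST_METHOD "!@rx ^(?:GET|HEAD|POST)$" \
        "id:100001,phase:1,deny,status:405,log,msg:'HTTP method not allowed'"

    # Reverse proxy only; never act as a forward (open) proxy.
    ProxyRequests Off
    ProxyPreserveHost On

    # Tomcat runs on its own host ("one primary function per server").
    # Its connector should accept connections from this proxy only, so the
    # WAF cannot be bypassed by talking to the backend directly.
    ProxyPass        / http://192.0.2.10:8080/
    ProxyPassReverse / http://192.0.2.10:8080/
</VirtualHost>
```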