0 Items In Cart
Total: $0.00
Checkout Now

Barracuda Networks Enables PCI DSS Compliance

Barracuda Web Application Controllers assist organizations of all types that store, process and/or transmit credit card numbers, comply with the Payment Card Industry Data Security Standard (PCI DSS) requirements. In response to increased identity theft incidents and security breaches, major credit card companies collaborated in Sept. 2006 to create the 12 procedural and system requirements, commonly known as PCI DSS version 1.1, to standardize how to store and access Primary Account Number (PAN) information.

PCI DSS Compliance Whitepaper:
Ensure PCI DSS Compliance

Most immediate for today's merchants and organizations is Section 6.6 of the PCI DSS compliance deadline on June 30, 2008, addressing the development and maintenance of secure systems and applications. Section 6.6 mandates all enterprise and Web applications handling credit card and account information must undergo an extensive audit of all custom application code that can be time consuming, labor intensive and a costly process to visit and revisit with each change to the application code. The alternative to satisfy PCI DSS Section 6.6 compliance is simply installing a Web application firewall.

Web Application Controller PCI DSS Compliance Architecture

Payment Card Industry Data Security Standard (PCI DSS) Requirements

The 12 PCI DSS requirements are organized into 6 main categories. To be fully compliant, an organization must satisfy all 12 requirements.

Maintain a Secure Network: Requirements 1 and 2
- Install and maintain a firewall configuration to protect cardholder data
- Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data: Requirements 3 and 4
- Protect stored cardholder data
- Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program: Requirements 5 and 6
- Use and regularly update anti-virus software
- Develop and maintain secure systems and applications
Implement Strong Access Controls: Requirements 7, 8, and 9
- Restrict access to cardholder data by business need-to-know
- Assign a unique ID to each person with computer access
- Restrict physical access to cardholder data
Regularly Monitor and Test Networks: Requirements 10 and 11
- Track and monitor all access to network resources and cardholder data
- Regularly test security systems and processes
Maintain an Information Security Policy: Requirement 12
- Maintain a policy that addresses information security

Source: PCI Security Standards version 1.1 - http://www.PCISecurityStandards.org.

Achieve PCI DSS Compliance

Barracuda Web Application Controllers, consisting of the Barracuda Web Application Firewall and Barracuda Application Gateway, are designed as easy and cost-effective solutions to achieve PCI DSS compliance. In addition to satisfying the time sensitive need to install a Web application firewall into your network for PCI DSS Section 6.6 compliance, Barracuda Web Application Controllers further ensures PCI DSS compliance with a host of other advanced technologies. Barracuda Web Application Controllers enable PCI DSS compliance across major requirements:

Requirement:	Barracuda Web Application Controller:
1 - Install a Firewall	Acts as a network firewall and a Web application firewall

3 - Protect data	Proxies Web traffic and insulates Web servers from direct access by attackers

4 - Encryption	Provides easy SSL encryption even if the application or server does not enable SSL

6 - Protect Against Vulnerabilities	Blocks known and zero-day attacks as well as the industry-accepted top 10 Web application vulnerabilities for custom development, legacy and third-party applications

7 - Restrict Access	Provides role-based administration to security policies

8 - Assign Unique IDs	Integrates with external authentication systems, such as LDAP for unique IDs

10 - Track and Monitor Access	Provides application access logging and interacts with AAA systems

PCI DSS section 6.5 is perhaps the most significant set of detailed requirements as it addresses application vulnerability, including coding guidelines, such as Open Web Application Security Project (OWASP). Barracuda Web Application Controllers directly address each of the requirements in section 6.5.

Requirement:	Barracuda Web Application Controller:

6.5.1 Unvalidated input (i.e., hidden field manipulation)	Validates incoming and outgoing session content against legitimate application behavior and usage

6.5.2 Broken access control (i.e., malicious use of user IDs)	Authenticates user access requests via integrated LDAP, RADIUS, CA SiteMinder and RSA Access Manager interfaces

6.5.3 Broken authentication and session management (i.e. cookie tampering, session hijacking)	Automatically encrypts session cookies and assigns unique session-IDs to ensure secure user sessions

6.5.4 Cross-site scripting (XSS) attacks	Inspects and verifies user input and incoming requests for any malicious code before forwarding it to backend servers

6.5.5 Buffer overflows	Detects and prevents attempts via the header or input fields to exceed memory capacity

6.5.6 Injection flaws (i.e., SQL injection)	Validates legitimacy of all Web requests and code accessing backend systems

6.5.7 Improper error handling	Cloaks Web application infrastructure from hackers attempting to expose vulnerabilities in error response and other messages

6.5.8 Insecure storage	Filters and intercepts outbound traffic to prevent transmission of sensitive information, such as passwords, credit card numbers, account records or proprietary information

6.5.9 Application Denial of service (DoS)	Monitors and controls amount of queries to the same URL from a single user

6.5.10 Insecure configuration management	Proxies all inbound and outbound Web traffic to neutralize any configuration vulnerabilities

Important Web Application Controller Links:

Buy Now Request Evaluation Unit Product Overview

Features Model Specifications PCI Compliance

A10 Networks A10 Networks

AX Series AX Features Evaluation Unit AX Comparison Get Pricing EX Series EX Features Evaluation Unit EX Comparison Get Pricing ID Series IDaccess Comparison IDsentrie Comparison Evaluation Unit Get Pricing

Barracuda Networks Barracuda Networks

Load Balancer Pricing/Purchase Evaluation Unit Features Subscriptions Model Comparison Deployment Documentation Webinar

Web App. Controller Pricing/Purchase Evaluation Unit Features Specifications

Coyote Point Coyote Point

Equalizer Load Balancer Price/Purchase Equalizer E250si Equalizer E350si Equalizer E450si Equalizer E550si Equalizer E650si Model Comparison

Equalizer Addons Documentation

Kemp Technologies Kemp Technologies

LoadMaster Overview Features Price/Purchase LoadMaster LM-1500 LoadMaster LM-2500 LoadMaster LM-3500 Model Comparison

Documentation

Solutions Solutions

Server Load Balancing WAN Load Balancing Traffic Shaping Network Visibility

Optrics Insider

Account Information



Home


Sign In


My Account


Checkout

Home

My Account

Checkout

LoadBalancerSolutions.com is owned by Optrics Engineering, a division of Optrics Inc., an authorized partner for all products on this site.
Optrics offers no-charge presale support, demos, post-sale assistance and training. Copyright 2008 Optrics Inc.

U.S.A.
1740 S 300 West #10
Clearfield, UT, U.S.A.
84015-3575
Fax: 801-705-3150
Toll Free: 1-877-386-3763
Direct: 1-780-430-6240

Canada
6810 - 104 St.
Edmonton, AB, Canada
T6H 2L6
Fax: 780-432-5630
Toll Free: 1-877-463-7638
Direct: 1-780-430-6240

Email Us: info@loadbalancersolutions.com