Enhanced web server security with PCI compliant hosting
Did you know that all merchants that process credit cards online must adhere to the Payment Card Industry Data Security Standards (PCI-DSS)?
We help you on your way towards PCI compliance by applying the current security best-practices and server hardening recommendations.
What is the PCI-DSS?
The PCI Data Security Standard is a set of requirements and controls designed to improve payment card data security and help organizations ensure the safe handling of cardholder information.
Do I need to care?
Yes! Currently, credit card brands like Visa and MasterCard require all merchants and service providers that process, store or transmit cardholder data to be validated according to the PCI-DSS.
Where do I start?
To become PCI compliant you must successfully pass a vulnerability scan from an approved scanning vendor, and fill out the Self-Assessment Questionnaire.
How does EveryHost help with PCI compliance?
See how we address each of the 12 requirements specified in the PCI Data Security Standard.
1. Install and maintain a firewall configuration to protect cardholder data
Every Host applies stringent firewall rules that inspect and filter unwanted traffic from the network, such as port scans or packet flood attacks.
2. Do not use vendor-supplied defaults for system passwords and other security parameters
Strong Password Policy
All Every Host servers enforce a strong password policy to ensure user accounts and system services are not using weak passwords that can easily be cracked.
3. Protect stored cardholder data
Token-Based Payment System
It is your responsibility to implement this requirement.
Note: We do not recommend storing credit card information directly in your database. Instead, use a token-based payment system where sensitive card details are stored remotely with the payment processor provider.
4. Encrypt transmission of cardholder data across open, public networks
Every Host offers highly secure SSL certificates from the leading and most trusted SSL issuers in the industry. Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) SSL certificates are available.
5. Use and regularly update anti-virus software on all systems commonly affected by malware
Managed Anti-Virus and Web Application Firewall
Every Host provides advanced Anti-Virus and Web Application Firewall toolkits for real-time web application monitoring and protection against malware and common security exploits.
6. Develop and maintain secure systems and applications
Automatic Security Updates and Kernel Patches
We offer automatic rebootless kernel updates through KernelCare by CloudLinux, which applies new security patches as they are released and keeps your server protected against known vulnerabilities. The ModSecurity web application firewall is installed and kept up to date with the latest security rule set, and PHP is hardened with Suhosin, an extension that patches the PHP core and adds numerous other protections.
7. Restrict access to cardholder data by business need-to-know
Granular Access Control and “Least Privilege” Principle
Through the Every Host control panel, you can create accounts and assign privileges only to the users who need access to a particular system or service, such as the FTP or database server. You can further limit who can reach your server by restricting access by IP address or requiring public-key authentication.
8. Assign a unique ID to each person with computer access
This requirement is covered by requirement 7.
9. Restrict physical access to cardholder data
Data Center Security
The Every Host servers are located in a state-of-the-art data center with SSAE-16/SAS-70 Type II certifications and a SOC 1 Type 2 audit. Our facility conforms to the highest level of security, including 24/7 on-site security guards, interior and exterior camera surveillance, keycard locks and biometric palm scanners to keep out unauthorized personnel.
10. Track and monitor all access to network resources and cardholder data
Proactive Monitoring and Log Inspection
Our engineers and security experts continuously monitor the server logs for suspicious activity and break-in attempts, and provide expert guidance and investigation in the event of a suspected security breach. Raw access logs are available upon request.
11. Regularly test security systems and processes
Every Host employs sophisticated Intrusion Detection Systems and various threat mitigation strategies to detect threats and vulnerabilities in real time. Our highly skilled server engineers are available around the clock to immediately investigate and respond to alerts.
12. Maintain a policy that addresses information security
It is your responsibility to implement this requirement. It should be part of your organization’s security policy.
Our security suite combines all of the below to ensure your business is guarded against intruders, keeps its reputation and is online 100% of the time.
Web Application Firewall (WAF)
Our Web Application Firewall (WAF) constantly scans and analyzes the incoming traffic to your server, looking for malicious content based on a range of factors. Used in conjunction with Log Analysis, the WAF delivers an extremely low false positive rate while stopping attacks against the applications running on your server.