Thu, Dec 27 2007 19:47
bradley
One function, one server - is it realistic today?
Read the PCI/DSS standards - https://www.pcisecuritystandards.org/tech/pci_dss.htm
And it states in 2.2.1 that servers shall...
2.2.1: Implement only one primary function per server (for example, web servers, database servers, and DNS should be implemented on separate servers)
Now it's clear that SBS will fail this rigid rule. But so will just about every modern server out there.
http://forum.aegenis.com/showthread.php?t=274
"I would be more concerned about meeting requirement 2.2.1 that asks the QSA to "verify that only one primary function is implemented per server." Based on what you describe, this server is nowhere close to meeting this requirement."
Nor does Windows 2008 meet it, for that matter, with its role wizards.
Show me a virtualized server. Is that "one function per server"? Show me a file and print server. It's storing files and printing. Isn't that more than one primary function per server? Short of anyone running a server farm, to me this is an unrealistic guideline. This is why I would recommend that you take the issue off the table entirely: when it comes to credit card data, don't store it. Period. End of discussion. Then PCI/DSS requirement 2.2.1 has no relevance to you.
Don't store credit card data on your networks, period. Then there are no questions.
Filed under: Security