Page 40 - GS140201
Undermining your own defenses

The goal of the Payment Card Industry (PCI) Data Security Standard (DSS) is to create secure environments by segmenting sensitive data from the rest of the corporate network. But Heilman said segmented environments are too often compromised by system administrators who disable security controls to make it easier to do work across the entire network.

"Ultimately all they've done is take the highly segmented environment and open it up in the exact way the hacker needed to get access to the PCI environment," Heilman stated.

Another problem is that administrators fail to change passwords frequently or restrict the access of local administrators to the entire domain by using different passwords for granting access to different areas of the network.

Heilman said if passwords were better differentiated, "at best the attacker would get access to one system at a time and force him to have to exploit something in every system he wanted to get into rather than just giving him access to every single system because he compromised one account."

But many administrators are apparently too complacent to put these barriers in place. Heilman made a direct correlation between carelessly implemented security controls and data breaches. "In every single case that I've ever investigated, when an attacker got access to the PCI environment, they exploited some type of hole that was allowed without mitigating security controls," he said.

Problems with PCI?

Heilman believes the best way to ensure network integrity is through proper segmentation. However, Narendra feels that security experts are still too focused on software.

"Unfortunately, what has happened in the security industry is, not all companies but some set of companies, if you look at the predominance, they all migrated from hardware expertise in the last decade," he said. "Often when you have conversations with the so-called security expert, most of them don't even understand what a smart card is."

Narendra is also critical of the entire PCI DSS framework because it fails to address hardware as ultimately the best security solution. "PCI is grossly insufficient," he said. "It was valuable in the past, and now it is nothing but a patchwork. It does not mandate hardware. It is high time it did. Without that, it will become irrelevant."