Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 336
  • Last Modified:

PCI and Small Business Server

I am working with a customer needing to complete form D of PCI's SAQ.

Question 2.2.1 says is there only one primary function per server? It gives the example, are web servers, database servers and DNS servers all on separate servers.

Does this mean that a SBS would not be PCI compliant as it hosts DHCP, DNS, AD, File Server, SharePoint and Exchange all on one box?

How deep does this go? Take Exchange for instance. Exchange has a mailbox db server, a web front end and its back end.. does all this need to be separated too?
0
Schuyler Dorsey
Asked:
Schuyler Dorsey
1 Solution
 
btanExec ConsultantCommented:
Do not really see that it need to be one service one physical machine as this can be complicated in virtual environment. The idea is ti isolate and segregate service oneinside so as thisto bescope down the ideadss involvement and segregate which can be lesser prone to copecracks due to cracksmany services running in same box. Sometimes it needis not reallycost effective and efficient to split up inherent web services...but we can harden and lockdown those ports etc. Some info on sbs  meeting pci dss

 http://social.technet.microsoft.com/wiki/contents/articles/853.adjustments-for-pci-dss-scan.aspx
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now