PCI Compliance Requirements: Some Tools to Help With Requirement 10!

PCI Requirement 10 states: Track and monitor all access to network resources and cardholder data

Logging mechanisms and the ability to track user activities are critical in preventing, detecting and minimizing the impact of a data compromise. The presence of logs in all environments allows thorough tracking, alerting and analysis when something does go wrong. Determining the cause of a compromise is very difficult, if not impossible, without system activity logs.

It can be costly to implement solutions to meet PCI Compliance Requirements and requirement 10 is no different. There are numerous SIEM (Security Information and Event Management) systems on the market that have a hefty price tag. Some may be free but come with a limit on either hosts (computers / equipment) or how much logging can occur based on a data size like Megabytes / Gigabytes. There is a way to fulfill this requirement for almost zero cost by using open source tools running on open source operating systems. This endeavor isn’t for the technical faint of heart but there are numerous sites that can almost walk you through how to start this. In my travels I have built this numerous times from 10 system networks to 500+ system networks.

This blog will briefly touch on some tools that can be used to start building your business a logging and monitoring system that when properly used could meet the PCI Requirement 10.

First you will need to acquire some hardware. A simple PC or virtual machine that has over 4GB of RAM and a Hard Drive or two of relatively good size and preferably built on some level of RAID. This basic system can be built using spare parts in most cases so the cost is almost zero.

After the hardware is provisioned or the virtual machine is built and configured here is where a curious IT person or someone with some Linux curiosity and experience will come in very handy. This is the start of the LAMP build. LAMP is Linux / Apache / MySql / PHP, these are the core of your system to run these open source tools on and give you a web based user interface for accessing them. The Linux OS you are going to install is the next step. Humbly I prefer to use CentOS (a Redhat open source, not supported version) the version number I tend to stick with is in the v6.5 range. CentOS is up in the v7.x range now, I don’t like the commands that have changed so I pick 6.x. A basic installation of CentOS is fine and you are off and running. Once you have the OS done its time to leverage the web for some how to’s on installing Apache/MySQL and PHP. Here is one I found very helpful:

https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-6

Once the LAMP installation is completed and working the tools you will need are next. Here is where it can become a bit more complex, but again there are hundreds of sites with really solid how-to type of installs and troubleshooting. I won’t go into those details here but a list below should help you get started.

Here is a list of tools and links you can start to build on your new Linux network monitoring system:

• Nagios Core (Open Source Monitoring Tool) for windows servers/workstations, all other equipment with an IP address as well.
  • Price = Free
  • Alerts your staff of hardware or software issues on your systems when configured.
  • https://www.nagios.com/products/nagios-core/
    
    
• OSSEC (Open Source HIDS) for watching logs from servers or equipment you configure to send the logs from.
  • Price = Free
  • Alerts your staff of certain log messages that indicate what you deem critical.
  • http://ossec.github.io/
  • Free User Interface for ease of viewing logs (Web UI)
  • http://ossec.github.io/downloads.html
    
    
• Central Syslog Server
  • Price = Free
  • This takes the Linux you installed prior and allows you to point logs from different devices to it so you can monitor those from a single point.
  • http://sharadchhetri.com/2014/03/01/install-and-configure-rsyslog-on-rhel-6-centos-6/
• MRTG (Monitoring and Graphing of Switch Port use)
  • Price = Free
  • This will allow you to visually see the bandwidth used on your switch/router/wap ports, it’s more of a nice to have than a need to have.
  • http://oss.oetiker.ch/mrtg/

These tools will give you the start for nothing but some time and a little effort. They can also be configured and enhanced in numerous ways to give you more, depending on your needs. While this is not a simple solution to fulfilling PCI Requirement 10 where you install and are good to go, this will give you a great start and with a little work on your part, you will be well on your way to meeting this specific requirement!

For assistance with the other PCI Requirements, please contact us. Are there any other tools that you recommend out there? Feel free to drop a line in the comments section below!