Requirement 4: Encrypt transmission of cardholder data across open, public networks
Obtain server certificates from a trusted public certificate authority (self-signed certificates do not count as trusted), for example:
– www.thawte.com/
– www.verisign.com.au
– www.digicert.com/
(Note that the Thawte and VeriSign certificate businesses have since been acquired, first by Symantec and later by DigiCert.)
Configure web servers to accept only strong protocols and cipher suites: disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1, and remove RC4, 3DES, export, NULL and anonymous ciphers
– http://httpd.apache.org/docs/current/ssl/ssl_howto.html
– http://technet.microsoft.com/en-us/library/cc962039.aspx
– https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
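As an added example (not from the original page or the linked guides), the following Apache 2.4 mod_ssl fragment shows a weak virtual host beside a hardened one. The hostname, certificate paths and the exact cipher list are assumptions; adjust them to your environment.

```apache
# --- WEAK (do not use): accepts SSLv3/TLS 1.0 and any cipher OpenSSL offers ---
<VirtualHost *:443>
    # assumed hostname and paths
    ServerName payments.example.com
    SSLEngine on
    SSLProtocol all
    SSLCipherSuite ALL:!ADH
    SSLCertificateFile    /etc/ssl/certs/payments.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/payments.example.com.key
</VirtualHost>

# --- HARDENED ---
# Server-level (outside any <VirtualHost>): cache for OCSP stapling
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"

<VirtualHost *:443>
    ServerName payments.example.com
    SSLEngine on
    # TLS 1.2 and later only (SSLv2 is no longer built into Apache 2.4)
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    # Forward-secret AEAD suites only: no RC4, 3DES, NULL, export or anonymous ciphers
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305
    SSLHonorCipherOrder on
    # TLS compression enables the CRIME attack
    SSLCompression off
    SSLUseStapling on
    SSLCertificateFile      /etc/ssl/certs/payments.example.com.crt
    SSLCertificateKeyFile   /etc/ssl/private/payments.example.com.key
    # Intermediate CA chain (2.4.8+ may instead concatenate it into SSLCertificateFile)
    SSLCertificateChainFile /etc/ssl/certs/ca-chain.crt
    # Stop browsers falling back to http:// (requires mod_headers)
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
</VirtualHost>
```

Run `apachectl configtest` before restarting, then confirm the weak protocols are really gone: `openssl s_client -connect payments.example.com:443 -ssl3` and `... -tls1` must fail to complete a handshake, while `-tls1_2` succeeds with one of the listed suites.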
Ensure that your servers are not vulnerable to Heartbleed (CVE-2014-0160, affecting OpenSSL 1.0.1 through 1.0.1f; fixed in 1.0.1g)
– https://lastpass.com/heartbleed/
– tif.mcafee.com/heartbleedtest
– safeweb.norton.com/heartbleed
– Online testers only see the public-facing endpoint: also check the installed OpenSSL version on every host (openssl version) and restart every service that still has the old library loaded.
– Because the bug can leak private keys and session data, reissue certificates and revoke the old ones after patching, and invalidate active sessions.
Do not use cleartext protocols
– Remove the use of Telnet and FTP (both send credentials and data in the clear). Use SSH and SFTP (file transfer over SSH) instead, and treat plain HTTP the same way on any path that carries cardholder data.
Wireless security
– Do not use WEP (its encryption is broken, and PCI DSS has prohibited it since mid-2010). Use WPA2 with AES/CCMP (not TKIP) and a strong passphrase, or WPA2-Enterprise (802.1X) where practical.
– MAC filtering can be added as a hygiene measure, but MAC addresses are trivially spoofed, so it is not a security control and does not substitute for encryption.