님, 안녕하십니까?
Red Hat 계정에 로그인
아직 등록하지 않으셨습니까? 등록해야 하는 이유:
- 한 곳에서 기술 자료 문서를 탐색하고, 지원 사례와 서브스크립션을 관리하고, 업데이트를 다운로드 할 수 있습니다.
- 조직 내의 사용자를 보고, 계정 정보, 기본 설정 및 권한을 편집할 수 있습니다.
- Red Hat 자격증을 관리하고 시험 내역을 조회하며 자격증 관련 로고 및 문서를 다운로드할 수 있습니다.
Red Hat 계정으로 회원 프로필, 기본 설정 및 자신의 고객 상태에 따른 기타 서비스에 액세스할 수 있습니다.
보안을 위해, 공용 컴퓨터 사용 중에 Red Hat 서비스 이용이 끝난 경우 로그아웃하는 것을 잊지 마십시오.
로그아웃Red Hat 블로그
Blog menu
Welcome to another post dedicated to the use of Identity Management (IdM) and related technologies in addressing the Payment Card Industry Data Security Standard (PCI DSS). This specific post is related to requirement three (i.e. the requirement to protect stored cardholder data). In case you're new to the series - the outline and mapping of individual articles to the requirements can be found in the overarching post that started the series.
Section three of the PCI DSS standard talks about storing cardholder data in a secure way. One of the technologies that can be used for secure storage of cardholder data is
disk encryption called LUKS. But LUKS keys also need to be managed (as mentioned in requirement 3.6.3). One potential solution: IdM's Vault – a secret store that can be used to escrow disk encryption passwords and implement policies and conditions for the recovery of such passwords (or keys). While in a Vault, the keys and passwords do not need to be in any way related to keys and passwords used by users that access the cardholder services; requirement 3.4.1 is thus fully met by this solution.
Requirement 3.5.3 creates a challenge demanding separation of keys. This usually leads to the need to involve a user to unlock their key to start a process. For example, a system volume can be encrypted but in case of a reboot an administrator has to come over and enter a password to continue the boot process. A new technology called Network Bound Disk Encryption addresses this problem by placing a special server on the network. While this technology is not currently included with Red Hat Enterprise Linux - here is a pointer to a demo.
Questions about how Identity Management relates to requirement three? Reach out using the comments section (below).