E Business columns for PCI Compliance

Does Oracle have documentation with configuration details to meet Payment Card Industry standards requirements? We are implementing Oracle Advanced Security against Oracle E Business and need to know what columns we should specifically address within E Business to protect our PII/PCI data.
Any help would be greatly appreciated.
Bill

Similar Messages

  • Upgrade firmware for PCI compliance scan

    I have a WRT54G ver. 5 wireless router running ver. 1.02.0 firmware. I'm anticipating a PCI compliance scan which my bank requires since I transmit credit card numbers from here for my online business. I'm wondering if I should upgrade to the latest firmware version (1.02.6) before the scan. The router is working fine and I'm a great believer in not fixing things if they aren't broken. Does the upgrade make security improvements (which I should have) or just fix problems (which I don't have)?

    If the router is upgraded with the latest firmware... it resolves many problems. So if you get some time you may upgrade the firmware.

  • Patching vulnerabilities for PCI compliance

    Hi
    My Apple Profile Manager server has failed a PCI compliance scan, due to the vulnerabilities listed below. The OS and the software are patched to the highest level, but it's still failing.
    What do I need to do to be able to resolve these? If I can't patch them by Thursday, I'll have to shut down the server.
    - SSL/TLS use of weak RC4 cipher: CVE-2013-2566
    - OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20140806): CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506
    - Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day: CVE-2007-6750

    If you're running OS X 10.9.2 as your message indicates then you are not patched to the highest level. (By a long way.)
    OS X 10.9.5 plus Security Update 2014-005 would give you all the current patches for Mavericks. If you upgraded to Yosemite and Server.app 4.0 you would get some further updates. (Server 4.0 would have to be purchased although Yosemite aka. OS X 10.10 itself is free.)
    Even with all of those I suspect some of the issues you list will not be patched. In theory you could manually compile and install patches but this is generally a very bad idea as you will then break compatibility with Apple's own software such as the server configuration tool Server.app and likely break Profile Manager completely and if you use it the Wiki module.
    If you want complete control over patching the software then OS X is not going to let you do this without, as mentioned above, severe consequences. Only Linux gives you that level of control. Arguably Windows gives you even less control than OS X as in Windows it is all closed source (Microsoft) software.

  • Disable SSL v2 and weak ciphers on a RV325 for PCI compliance

    How do you disable SSL v2 and weak ciphers on a RV325 to become PCI compliant?

    Hello
    Per the Cisco RVS4000 product site information, this router has been end of life since January 30, 2010. The last date of support has also already passed - April 30, 2013. This means that according to Cisco policy no further updates to the existing firmware will be done, not even security-related fixes. And I am afraid that this is a fact which you have to deal with.
    Regarding the RV320 - it seems that there is no possibility to restrict the SSL/TLS protocol/version on your own in the current version. Francis - I would recommend you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance to get it fixed as this is a security-related inability.
    Lastly - for all products (including RVS4000) - I would suggest keeping the management interface of the router separated as much as possible - i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet and certain client(s) which are part of this subnet can help to avoid eavesdropping on your connection to the router. Of course disabling remote management is the best thing you can do in any case (including to avoid possible firmware bugs, login attempts and so on).

  • IDS/IPS for PCI compliance requirements

    I have the traditional IPS/IDS modules in my Cisco ASAs. Is there an application that can collect all my logs and send alerts when a threat is detected? Is the IME still a valid product? What are the limitations of the IME?

    Have a look at Microsoft Endpoint Protection for Windows Azure.
    http://blogs.msdn.com/b/windowsazure/archive/2012/03/26/microsoft-endpoint-protection-for-windows-azure-customer-technology-preview-now-available-for-free-download.aspx
    http://blog.maartenballiauw.be/post/2012/03/27/Protecting-Windows-Azure-Web-and-Worker-roles-from-malware.aspx

  • Failing PCI Compliance Scan - SSL Weak...

    Hello,
    I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
    I did some research and spent some time with Cisco Sales Chat and they recommended an ASA5500, only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it, but I found a thread on this forum saying that a client who had the SA520w did not pass the scan; it failed due to SSL vulnerability (need v3+ ?). The thread is at https://supportforums.cisco.com/thread./2060512
    Question: What router/appliance should I use to be PCI compliant? There has to be something, we're talking, this is Cisco.
    Thank you in advance for your help,
    Christophe
    Threat ID: 126928
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Weak Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 126928
    Information From Target:
    Here is the list of weak SSL ciphers supported by the remote server :
    Low Strength Ciphers (< 56-bit key)
    SSLv2
    EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
    EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of weak ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
    Threat ID: 142873
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Medium Strength Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 142873
    Information From Target:
    Here are the medium strength SSL ciphers supported by the remote server :
    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
    DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
    SSLv3
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    TLSv1
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of medium strength ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Chris,
    As I understand, right now none of the Small Business routers are PCI compliant ever since PCI 3.0 was released. How you overcome this: you'll need to forward any ports you are failing on to a ghost IP. Ghost IP (any IP address that isn't being used). If you are using those ports, then you will lose that service as the router isn't PCI 3.0 compliant.
    Jason
    I do believe the ASA5505 are PCI 3.0 Compliant.
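
Added example, not part of the original posts: a small Python parser for the cipher lines in the scan report quoted in the question above. It groups each suite by protocol and bands it by the key-length thresholds the report itself prints (low: < 56 bits, medium: >= 56 and < 112 bits). The sample text is copied from that report; the function names and the "not-flagged", "none" and "unknown" labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Cipher section copied from the scan report quoted in the post above.
SAMPLE_REPORT = """\
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export
EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5
SSLv3
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
TLSv1
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
"""

# A protocol header line such as "SSLv2" or "TLSv1" sets the context for the suites below it.
PROTOCOL_RE = re.compile(r"^(SSLv\d|TLSv\d(?:\.\d)?)$")
# {OpenSSL ciphername} Kx=.. Au=.. Enc=ALG(bits) Mac=.. [export]
CIPHER_RE = re.compile(
    r"^(?P<name>[A-Z0-9_-]+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
    r"(?:\s+(?P<export>export))?\s*$"
)

def strength(enc, bits):
    """Band a suite by symmetric key length, using the thresholds printed in the report."""
    if bits is None:
        return "none" if enc == "None" else "unknown"  # Enc=None means no encryption
    if bits < 56:
        return "low"
    if bits < 112:
        return "medium"
    return "not-flagged"  # label is this example's own, not the scanner's

def parse_report(text):
    """Return one dict per cipher line, tagged with the protocol header above it."""
    findings, protocol = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PROTOCOL_RE.match(line):
            protocol = line
            continue
        m = CIPHER_RE.match(line)
        if not m:
            continue  # section titles, field legends, blank lines
        bits = int(m["bits"]) if m["bits"] else None
        findings.append({
            "protocol": protocol, "name": m["name"], "kx": m["kx"], "au": m["au"],
            "enc": m["enc"], "bits": bits, "mac": m["mac"],
            "export": m["export"] is not None,
            "strength": strength(m["enc"], bits),
        })
    return findings

def flagged_by_protocol(findings):
    """Map protocol -> strength band -> suite names, omitting unflagged suites."""
    out = defaultdict(lambda: defaultdict(list))
    for f in findings:
        if f["strength"] != "not-flagged":
            out[f["protocol"]][f["strength"]].append(f["name"])
    return {proto: dict(bands) for proto, bands in out.items()}

if __name__ == "__main__":
    for proto, bands in flagged_by_protocol(parse_report(SAMPLE_REPORT)).items():
        print(proto, bands)
```

Run against successive scan reports, the per-protocol output shows whether a configuration change actually removed the flagged suites on the scanned port.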

  • CCX PCI Compliance

    Hi All,
    I am looking to achieve PCI compliance for my networking infrastructure, which includes CCX, currently running version 4.1 with IVR being used for credit card authentication. Not really sure where to start on this, so if anybody has any pointers on how the requirements for PCI compliance translate to what we actually need to do to the server, that would be much appreciated.
    Rgds

    I just had a conversation with Trustwave and they are going to disable this check while they figure out a detection without this false positive, so your scans should be fine now. Thank you Trustwave for such a quick response and turn around!

  • Pci compliance for very small biz using mac and ipad

    I run a very SMALL business. We have one MacBook, an iPad and an iPhone. We run everything through a second party merchant card processor/software (mindbody). However, according to the PCI compliance survey I just finished, I am supposed to run quarterly internal scans for vulnerabilities. Does antivirus software do this?
    Also, what firewall settings do I need on my mac to be PCI compliant?
    I know this may be a very simple question, but the PCI survey assumes everyone has an IT department with a ton of policies and procedures. Trying to figure out how to be compliant as a super small business without all that infrastructure.

    Anti-virus software would not do PCI vulnerability scanning. You need specialized software to do that. Unfortunately, I cannot recommend specific software. My wife's small business was wrestling with PCI issues some time ago, and they're currently not doing any kind of internal scans. I don't know why not. They do get scanned externally periodically, to look for vulnerabilities in their setup that could allow people outside their network to gain access.
    PCI compliance is a scam anyway. It doesn't prevent the numerous breaches that so many high-profile companies have been facing lately, and you can bet they're dotting their i's and crossing their t's with respect to PCI compliance. They have the budget to do so.
    Your Mac should not need the firewall on. That shouldn't affect PCI compliance, if the Mac is properly configured and does not have any services open in System Preferences -> Sharing.

  • Type Column for Email is not coming in Business context

    Hi All,
    I have enhanced the component ICCMP_BT_BCXT.
    I am able to get the required values in business context.
    I get hyperlinks in the TYPE column for customer follow-up/interaction record.
    But when email is sent then TYPE column does not show the hyperlink as Email.
    Other details like key/description are occurring for email.
    Any pointers on how to get the hyperlink for Email.
    Thanks and Regards,
    Gauri.

    Hi,
    By default when you get the hyperlink for an interaction record/follow-up document, it's logical because on click of this hyperlink, the system takes you to the interaction record/follow-up document that is linked.
    If you set it to email, and if we provide a hyperlink to it, where should it navigate on click of the hyperlink?
    It's very easy to provide the hyperlink, however it is very important to know what is required on click of the hyperlink, to give the right design.
    Thanks & Regards
    Suchita

  • PCI Compliance for the iPad

    Has anyone implemented a PCI compliant iPad application? If so, were there specific steps you used?

    There are a number of credit card processing applications in the iTunes Store, and at least a couple claim PCI compliance, if that's what you mean. Do a Power Search for apps with "credit card" and browse through the results, or search a site like appshopper.com. Once you find one, you can contact the developer and ask if they'll share tips.
    If that's not what you're referring to, please post back and elaborate.
    Regards.
    Message was edited by: Dave Sawyer

  • Skype Causing PCI Compliance Failure

    Hi,
    As part of my business, I have to undergo PCI Data compliance scans every 3 months. Everything has been okay, but I recently failed a scan, and received this message:
    Description: Skype for Windows < 5.8.0.154 Unspecified Vulnerability (uncredentialed check) Synopsis: The remote Skype install has an unspecified vulnerability. Impact: According to its timestamp, the version of Skype installed on the remote Windows host reportedly has an as-yet unspecified vulnerability.
    The suggested "Resolution" is to 'Upgrade to Skype for Windows 5.8.0.154 or later.'
    I am running Windows on VMWare Fusion on my Mac. Initially, I deleted Skype altogether from Windows and updated Skype on my MAC OS X, and still received the same message. So I reinstalled the latest version of Skype for Windows, and STILL received a fail on the scan.
    Is there some way to fix this? It looks like resolving this issue will fix up all the problems I've been having. Any help would be greatly appreciated.

    Hi there ... your post was a long time ago, but wondered if you managed to solve the problem of Skype clients causing PCI compliance to fail?  We are going through the same issues at the moment, all Skype clients updated, yet we are still failing every test.  If you managed to find a fix, would be great to know!  Cheers.

  • Wrvs4400n pci compliance

    I keep failing my PCI compliance test. I have a WRVS4400N and I keep getting "firewall udp packet source port 53 ruleset bypass". I've blocked port 53 but keep getting rejected. Any ideas on how to set the router? Thanks

    Hi jefftreece and welcome to the Cisco Home Community!
    The WRVS4400N is handled by the Cisco Small Business Support Community.
    For discussions about this product, please go here.
    https://supportforums.cisco.com/community/netpro/small-business

  • APPLSYSPUB and PCI Compliance

    PCI Compliance documentation requires us to change all vendor-supplied default passwords.
    Oracle says in 'Best Practices for Securing Oracle E-Business Suite' that it recommends that you NOT change the default password for APPLSYSPUB. (Appendix C).
    So what is a company to do? Do we change it or not?

    If by "logs" you mean the signature events the IPS Sensor generates, then the answer is mostly yes.
    The Sensor has a circular buffer for event storage. It will keep these events until they are overwritten.
    How quickly they are overwritten is a factor of buffer size, event size, packet capture options, etc. (there was a forum thread on this very topic you can search for).
    If you are concerned about keeping event logs, you can install the free IME server and pull events from the sensor. If you are REALLY concerned about getting event logs you can stand up two IME servers (they will cost you some sensor overhead though) and keep them on your host, instead of your sensor. Each sensor can support up to 5 devices (I think) pulling events.
    - Bob

  • PCI Compliance With Oracle Application 11i

    hi all,
    I want to implement PCI Compliance in Oracle Application. So it will be useful to me if somebody who has already implemented this could send the steps that are to be followed to implement PCI.
    regards
    Yesukannan

    Zameer - Various degrees of integration between Application Express and Oracle Applications have been achieved. Exactly how you go about it is requirements-dependent. Search this forum for related threads (keywords ebusiness, e-business) and see also http://spendolini.blogspot.com/2005/09/using-ebusiness-suite-responsibility.html.
    Scott

  • HOW TO: Add /manipulate columns for a GridControl

    HOW TO: Add /manipulate columns for a GridControl when the columns (attributes) are from different entity objects.
    This HOWTO describes the basic steps of using attributes from different entity objects for a GridControl.
    One way you can create a GridControl which contains attributes from different entity objects is to create a view object and base it on the entity objects which contain the desired attributes.
    Here are the basic steps:
    1. Create a new view object (or use an existing view object) by selecting File>New from the menu, clicking the Business Components tab and double-clicking on the View Object icon.
    2. In the View Object wizard change the name to something meaningful.
    3. Select the entity objects you will base your view object on.
    4. Navigate to the attribute screen and select the attributes you would like to include in your view object from each entity object. At this point you can also create a new attribute by clicking the "New" button. The new attribute can be a concatenation of other attributes, derived from a calculation etc.
    5. In the query panel of the View Object wizard, click "Expert mode" and enter a query statement. You write complex queries such as decoding a set of attribute values.
    6. Add your newly created view object to the application module by double-clicking on the application module in the navigation pane and selecting your view object from the list.
    7. Create a new row set.
    8. Bind the row set to a query by editing its queryinfo property and selecting your view object and its attributes from the queryInfo pane.
    9. Create a GridControl and bind it to the row set by editing the dataItemName property of the GridControl. Since the GridControl is bound at the row set level all of the related attributes are automatically added.

    Michael,
    Are you intending this as a commercial solution or a work around?
    To take an existing equivalent, one would build a view in the database tailored for each grid in an Oracle Forms application. Or a separate query layered over tables for each form/grid in a Delphi or Access application? Even if it is ninety nine percent the same over half a dozen forms/grids?
    And now you've added a whole slew of "slightly different" rowSetInfos to maintain.
    So if you wanted to add a column that needs to appear everywhere... you've just increased the workload multi-fold?
    That would be a management nightmare, wouldn't it? Not to mention yet more performance cost and a slower system?
    Hmmmm..... I'm not sure I like where this is headed... someone needs to do some convincing...
