It’s been a little while since I added a new post so I thought I would add some details of what’s current for me.
Working for a retail-based company with several websites, we have to comply with PCI-DSS requirements. This means we have to structure our network and servers in a ‘secure’ manner, essentially to prevent any unscrupulous types from accessing our customers’ payment card details. Now of course not everyone has to conform to the same standards, but it’s definitely worthwhile learning a little and implementing some of the recommendations into your infrastructure as standard practice. If nothing else it will stand you in good stead in case your business does ever need to comply.
This leads me on to some handy documentation that may help you on your path to either compliance or just general good standards. This isn’t PCI-DSS specific, but the CIS security benchmarks have some excellent guides for server/application hardening and can be used as a great baseline for your server installations. Whether you’re using Windows, OS X, FreeBSD or Oracle, SQL, Office, these guys have recommendations for most things, and the best thing is it’s all FREE!
Let me know your thoughts and recommendations; I’m interested to hear from you.