PCI Certificate

PCI DSS File Integrity Monitoring

September 13, 2015 | Categories: OpenSource tools PCI Compliance, PCI Compliance

File Integrity Monitoring

File-integrity monitoring or change-detection systems check for changes to critical files, and notify when such changes are noted. For file-integrity monitoring purposes, an entity usually monitors files that don’t regularly change, but when changed indicate a possible compromise.

Critical files of a system (those which rarely change) include:

  • Operating system files, which change only when a patch or upgrade is applied
  • Application files, such as the web application folder
  • Configuration files

Any unauthorized change to the above indicates a potential security breach. FIM (File Integrity Monitoring) is the solution for detecting such unauthorized changes.

Let us take a look at the relevant requirements from the PCI DSS standard:

10.5.5 Use file-integrity monitoring or change-detection software on logs to ensure that existing log data cannot be changed without generating alerts (although new data being added should not cause an alert).

10.6.1 Review the following at least daily (refer to the guidance section of the requirement).

11.5 Deploy a change-detection mechanism (for example, file-integrity monitoring tools) to alert personnel to unauthorized modification of critical system files, configuration files, or content files; and configure the software to perform critical file comparisons at least weekly.

12.10 Implement an incident response plan. Be prepared to respond immediately to a system breach.

12.10.5 Include alerts from security monitoring systems, including but not limited to intrusion-detection, intrusion-prevention, firewalls, and file-integrity monitoring systems.

In summary, the FIM solution should detect and notify on any unauthorized change to critical files; its output should be reviewed daily; and the organization should have an incident response plan to address the resulting security incidents.
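As an added illustration (not code from the original post or from any of the tools reviewed below), the following minimal checker implements the distinction the two requirements draw: a critical file alerts on any change (11.5), while a log file is allowed to grow but alerts if the bytes already baselined are altered or truncated (10.5.5). The file names and log lines in `demo()` are constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

ALERT_EVENTS = {"modified", "missing", "tampered"}  # 'appended' is expected log growth

def snapshot(paths):
    """Baseline: SHA-256 digest and byte length of each monitored file."""
    baseline = {}
    for path in paths:
        with open(path, "rb") as fh:
            data = fh.read()
        baseline[path] = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data)}
    return baseline

def check(baseline, append_only=()):
    """Return (path, event) pairs: critical files alert on any change (11.5);
    `append_only` logs alert only when baselined bytes change or vanish (10.5.5)."""
    findings = []
    for path, ref in baseline.items():
        if not Path(path).exists():
            findings.append((path, "missing"))
            continue
        with open(path, "rb") as fh:
            data = fh.read()
        if path in append_only:
            # Hash only the first `size` bytes: a pure append leaves them intact.
            prefix_ok = hashlib.sha256(data[:ref["size"]]).hexdigest() == ref["sha256"]
            if len(data) < ref["size"] or not prefix_ok:
                findings.append((path, "tampered"))
            elif len(data) > ref["size"]:
                findings.append((path, "appended"))
        elif hashlib.sha256(data).hexdigest() != ref["sha256"]:
            findings.append((path, "modified"))
    return findings

def demo(tamper_log=False):
    """Constructed scenario: a config file and a log file in a temp directory."""
    d = Path(tempfile.mkdtemp())
    cfg, log = d / "httpd.conf", d / "access.log"
    cfg.write_text("Listen 443\n")
    log.write_text("10.0.0.5 GET /index.html 200\n")
    base = snapshot([cfg, log])
    cfg.write_text("Listen 80\n")  # unauthorized edit of a critical file
    if tamper_log:
        log.write_text("")  # existing log data destroyed
    else:
        with log.open("a") as fh:
            fh.write("10.0.0.6 GET /login 302\n")  # normal log growth
    return [event for _, event in check(base, append_only={log})]
```

`demo()` yields `['modified', 'appended']` and `demo(tamper_log=True)` yields `['modified', 'tampered']`; only events in `ALERT_EVENTS` should feed the daily review and incident response process.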

Let us review some of the File Integrity Monitoring tools.

Windows File Integrity Monitoring Software

  • OSSEC is an agent-based File Integrity Monitoring software that can be installed on both Windows and Unix platforms
  • SolarWinds has an agent-based solution to address the FIM requirement
  • CimTrak is a solution from Cimcor which can work as an agent-based and/or agentless file integrity monitoring solution
  • Tripwire is another player, which can help you with file integrity management on Windows
  • NNT Change Tracker Enterprise is another solution you can use as a FIM on Windows servers
  • Verisys from IONYX is another Windows-based file integrity solution for PCI compliance
  • nCircle is another commercial alternative for File Integrity software

PCI File Integrity Monitoring – Open Source Tools

  • OSSEC is an open source file integrity monitoring software which has clients for both Linux and Windows platforms
  • SAMHAIN is another open source file integrity manager
  • Open Source Tripwire is an early fork of the original Tripwire code and is still an open source solution
  • AFICK ("another file integrity checker") was written to replace Tripwire when it became commercial, as an open source alternative
  • AIDE (Advanced Intrusion Detection Environment) is a file and directory integrity checker

PCI File Integrity Monitoring Compensating Controls

There is no standard set of compensating controls that suits every client. Compensating controls will always depend on the specifics of your situation, so you should work with your QSA to determine whether an approach is viable or not. However, one of the methods we have found useful when looking for a compensating control for requirement 11.5 is the effective use of endpoint security. Configure the endpoint security software to go beyond its usual intent and achieve what is expected of 11.5.

I would like to hear more about the compensating controls of 11.5. Do you have any such experience? Please share.
