Web and email on the same machine?

for ecommerce

         

Tonearm

8:37 pm on Nov 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I was told that due to PCI Compliance requirements I can't run an email server on the same machine as a web server if the web server is used for ecommerce credit card payments. Is that true?

robzilla

9:26 pm on Nov 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's part of the Payment Card Industry Data Security Standards (PCI DSS) requirements, yes.
System configuration standards used for general provisioning, hardening, securing and locking-down of system components are to include the following procedures:
o Changing of all vendor-supplied defaults and elimination of unnecessary default accounts
o Implementing only one primary function per server to prevent functions that require different security levels from co-existing on the same server

[pcicompliance.stanford.edu...]

Always best to ask your auditor, of course.

Tonearm

9:41 pm on Nov 2, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Can I separate them into different VMs on the same machine?

justpassing

9:49 pm on Nov 2, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month



Can I separate them into different VMs on the same machine?

Always best to ask your auditor, of course.

Essex_boy

12:02 pm on Nov 4, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



That's a basic question, always keep them separate

robzilla

12:50 pm on Nov 4, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Can I separate them into different VMs on the same machine?

Maybe, that's probably not uncommon.