
PCI on cloud security & two-factor authentication

The PCI Council released guidance for virtual environments and cloud computing.  Of course, our interest is in two-factor authentication:

Accounts and credentials for administrative access to the hypervisor should be carefully controlled, and depending on the level of risk, the use of more restrictive hypervisor access controls is often justified. Entities should consider additional methods for securing administrative access, such as implementing two-factor authentication or establishing dual or split-control of administrative passwords between multiple administrators.

No doubt.  In the traditional network hack, the attacker gets in through a user's account and escalates privilege until they have the rights they need.  Defenses include tracking a user's usage pattern and trying to find anomalies - packets going where they shouldn't.  This is going to be a lot harder on a virtual infrastructure. 

 
