PCI Ninja Analysis: PCI DSS 2.0

The PCI Ninja is just like you, except he is a PCI SSC QSA and a CISSP. And he
has a ninja outfit. Other than that, he’s just a regular guy trying to help you get
business done without PCI interfering.

(continue reading…)

How IAM Projects Fail: Three Traps, Part I

IAM (Identity and Access Management) projects have a history of unfortunate disasters to the tune of millions and tens of millions of dollars. How can you ensure your IAM projects become milestones of success for your organization instead of expensive lessons in how not to fail?

(continue reading…)

Top 5 Business Benefits to an IAM Solution

From a technical perspective, it is easy to see why implementing an Identity and Access Management stack is preferable to manual processes, but we often get requests from clients for business reasons they can sell internally.

(continue reading…)

Ask the PCI Ninja: PCI DSS 1.3.5 (Outbound Traffic)

The PCI Ninja is just like you, except he is a PCI SSC QSA and a CISSP. And he
has a ninja outfit. Other than that, he’s just a regular guy trying to help you get
business done without PCI interfering. (continue reading…)

Adding SSL to Ubuntu / Apache2 / Ruby on Rails

There are many sources on Google for configuring SSL with Ubuntu, Apache2, and Ruby on Rails, but there isn’t one that I feel is straightforward and comprehensive. So here is the skinny on how to get SSL going in your Rails app on Apache 2 / Ubuntu.

(continue reading…)

Configuring Egress (Outbound) Rules with iptables (ubuntu style)

There is a lot of information on iptables (the Linux firewall) out there, but most of them focus on ingress rules.

(continue reading…)