Friday, December 16, 2016

Install Scala on Mac OS or Linux

1) Download scala-X.XX.tgz from the official site

2) Extract the archive
       tar xzvf scala-X.XX.tgz

3) Create the install directory
       mkdir /usr/local/scala/

4) Copy the extracted files into it
       cp -R scala-X.XX/* /usr/local/scala/.

5) Open your shell profile
       vi ~/.bash_profile

6) Add the scala/bin folder to your PATH
       export PATH=/usr/local/scala/bin:$PATH

Verify the Installation

$ scala
cat: /release: No such file or directory
Welcome to Scala 2.12.1 (Java HotSpot(TM) 64-Bit Server VM, Java 1.8.0_101).
Type in expressions for evaluation. Or try :help.

scala>

Monday, December 5, 2016

PCI DSS - account data, cardholder data, SAD (Sensitive Authentication Data)

Account data and cardholder data are often assumed to be the same thing, but they are not.
    - Cardholder data is a subset of account data

    - Account Data = Cardholder data + SAD
        - Account data includes all of the information printed on the physical card as well as data on the magnetic stripe or chip

    - Cardholder data
        - Primary Account Number (PAN)
        - Cardholder Name
        - Expiration Date
        - Service code

    - SAD
        - Full Track Data (magnetic stripe data or equivalent on a chip)
        - CAV2, CVC2, CVV2, CID
        - PINs/PIN blocks

PCI DSS Goals and Requirements

PCI DSS has 6 goals and 12 requirements to meet those 6 goals.

Goal 1: Build and Maintain a Secure Network and Systems
        Req 1: Install and maintain a firewall configuration to protect cardholder data
        Req 2: Do not use vendor-supplied defaults for system passwords and other security parameters

Goal 2: Protect cardholder data
        Req 3: Protect stored cardholder data
        Req 4: Encrypt transmission of cardholder data across open, public networks

Goal 3: Maintain a Vulnerability Management Programme
        Req 5: Protect all systems against malware and regularly update anti-virus software or programs
        Req 6: Develop and maintain secure systems and applications

Goal 4: Implement Strong Access Control Measures
        Req 7: Restrict access to cardholder data by business need-to-know
        Req 8: Identify and authenticate access to system components
        Req 9: Restrict physical access to cardholder data

Goal 5: Regularly Monitor and Test Networks
        Req 10: Track and monitor all access to network resources and cardholder data
        Req 11: Regularly test security systems and processes

Goal 6: Maintain an Information Security Policy
        Req 12: Maintain a policy that addresses Information Security for all personnel