RE: PCI / AV / Linux DB Servers

From: Ndidi Ibeachum <>
Date: Tue, 4 Feb 2014 10:59:28 +0100
Message-ID: <DUB406-EAS31655160F069AF40F3C05F7EFAA0_at_phx.gbl>

In addition to those already provided, you could check Trend Micro Deep Security.

Chinedu Ibeachum

--- Original Message ---

From: "CRISLER, JON A" <>
Sent: 1 February 2014 02:20
To: SUzzell_at_MICROS.COM, "'Radoulov, Dimitre'" <>
Cc:
Subject: RE: PCI / AV / Linux DB Servers

I am pretty sure Symantec has a Linux version, and I know McAfee does as well. You can use those - you might have better costs with Symantec since you already use those products. Just configure the package for use in an Oracle env - for instance, on-access scanning of anything Oracle related (db files, OCR etc.) should be removed for performance reasons. The main thing is the on-access scanning stuff, which kills performance. As for your interconnect traffic being high - I don't see why the AV would cause that, but Oracle might be reacting to something else going on ...

From: [] On Behalf Of Uzzell, Stephan
Sent: Friday, January 31, 2014 12:24 PM
To: 'Radoulov, Dimitre'
Cc: Uzzell, Stephan
Subject: RE: PCI / AV / Linux DB Servers

That's something we've discussed. However, we have some application servers (multi-customer environment) that are available via the public internet. This is primarily for customers that are not large enough to invest in MPLS or a VPN. While we are absolutely on board with removing the internet access from our DB servers, I don't think we can cut the entire datacenter off... So with some servers necessarily exposed, how do we protect the DB servers (my area of concern)?


Stephan Uzzell

From: Radoulov, Dimitre []
Sent: Friday, 31 January, 2014 12:16
To: Uzzell, Stephan
Cc: <>
Subject: Re: PCI / AV / Linux DB Servers

Firewalls. We have no servers directly exposed on Internet.

On 31 Jan 2014 18:07, "Uzzell, Stephan" <<>> wrote:

Hi all,

We're in a bit of an uncomfortable spot here... We're basically a Windows shop, our DB servers have internet access, and therefore our DB servers have AV software installed. We have periodically had to disable or even remove it on some of our larger database clusters as we have seen slow interconnect traffic with it enabled (Symantec Endpoint, mostly version 12 by this point). As soon as we remove Endpoint, interconnect ping times go back to where they should be and we move on.

We've just started a process of converting to Linux - supposedly we'll have all 240+ databases on Linux by the end of the year. We had somewhat assumed along the way that we would not be using AV software on our Linux DB servers: lower risk, fewer Linux viruses, &c.

Our PCI auditor doesn't seem to agree. To satisfy his requirements, we need some form of AV software installed. Or some other form of protection...

So - I guess my question is: people running production Linux environments - what do you do? How do you protect your servers?


Stephan Uzzell

-- Received on Tue Feb 04 2014 - 10:59:28 CET
