Configuring miscellaneous settings

Configure several miscellaneous settings to meet various PA-DSS requirements.

  1. In the user interface, click the Administration tab.
  2. Locate the User Accounts section.
    Figure 1. User accounts settings
  3. Select the Password must contain lowercase, Password must contain uppercase, and Password must contain digits checkboxes.
  4. Click the Interfaces tab and scroll down to the Application Programming Interface section.
    Figure 2. API settings
  5. Select the Cross-site request forgery protection checkbox. Make sure that Session timeout (seconds) is set to a value of 900 seconds or less.
    Note: If you want to use tested default and secure HTTP headers, ensure that Use custom HTTP headers is disabled.
  6. Scroll up to locate the Message Tracing section under Message Command Interface.
    Figure 3. Message Tracing settings
  7. Select Disabled from the Dump message data drop-down list.
    Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
  8. Scroll down to locate the MQ Interface section.
    Figure 4. MQ Interface settings
  9. Select Disabled from the Dump message data drop-down list.
    Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
  10. Scroll down to the Kafka Interface section.
  11. Select Disabled from the Dump message data drop-down list.
    Note: Dump message data needs to be disabled to comply with PA-DSS requirement 2.3.
  12. Click the Misc tab and scroll down to the Miscellaneous section.
  13. Verify that SSL cipher list has the following entries:
    ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    Note: This list might be outdated because new vulnerabilities might have been discovered since it was published. The OpenSSL website (http://www.openssl.org/) publishes regular security advisories, including information about vulnerabilities that affect specific cipher suites.
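The following Python script is an added example and is not part of this documentation or of the product: it audits an exported settings snapshot against the checks in the procedure above (password complexity flags, CSRF protection, session timeout of 900 seconds or less, Dump message data disabled on all three interfaces, and the documented SSL cipher list). The snapshot format and its key names are assumptions made for the example; the product does not necessarily export its settings in this form. The cipher-list audit also asks the local OpenSSL build which of the documented suites it can actually enable, so an entry that is present in the setting but unsupported on the host stands out.

```python
"""Offline audit of a settings snapshot against the PA-DSS checklist (added example)."""
import ssl
from typing import Dict, List

# Cipher list the procedure says must be present, in the documented order.
EXPECTED_CIPHER_LIST = (
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:"
    "DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"
)
MAX_SESSION_TIMEOUT = 900          # seconds, per step 5
DUMP_INTERFACES = ("message_command", "mq", "kafka")   # steps 7, 9 and 11

# Constructed snapshots; the key names are assumptions for this example.
COMPLIANT_SNAPSHOT: Dict[str, object] = {
    "password_must_contain_lowercase": True,
    "password_must_contain_uppercase": True,
    "password_must_contain_digits": True,
    "cross_site_request_forgery_protection": True,
    "session_timeout_seconds": 900,
    "use_custom_http_headers": False,
    "dump_message_data": {"message_command": "Disabled", "mq": "Disabled", "kafka": "Disabled"},
    "ssl_cipher_list": EXPECTED_CIPHER_LIST,
}
NONCOMPLIANT_SNAPSHOT: Dict[str, object] = dict(
    COMPLIANT_SNAPSHOT,
    session_timeout_seconds=1800,
    dump_message_data={"message_command": "Disabled", "mq": "Disabled", "kafka": "Enabled"},
    ssl_cipher_list="ECDHE-RSA-AES128-GCM-SHA256:AES128-SHA",   # a non-PFS, non-AEAD suite crept in
)


def parse_cipher_list(cipher_list: str) -> List[str]:
    """Split an OpenSSL-style colon-separated cipher string into its entries."""
    return [c.strip() for c in cipher_list.split(":") if c.strip()]


def audit_cipher_list(cipher_list: str) -> List[str]:
    """Compare a configured cipher string with the documented list."""
    findings: List[str] = []
    entries = parse_cipher_list(cipher_list)
    expected = parse_cipher_list(EXPECTED_CIPHER_LIST)
    for e in entries:
        # '!', '-', '+' and '@' are OpenSSL modifiers/directives, not suite names;
        # an explicit allow-list should not rely on them.
        if e[0] in "!-+@":
            findings.append(f"cipher list contains modifier or directive '{e}'; use explicit suite names")
        elif e not in expected:
            findings.append(f"unexpected cipher suite '{e}'")
    for e in expected:
        if e not in entries:
            findings.append(f"missing cipher suite '{e}'")
    # Order matters when the server honours its own preference list.
    if [e for e in entries if e in expected] != [e for e in expected if e in entries]:
        findings.append("cipher suite order differs from the documented list")
    return findings


def openssl_enabled_suites(cipher_list: str) -> List[str]:
    """Ask the local OpenSSL build which TLS 1.2 suites the string actually enables.
    A documented suite that is absent here cannot be negotiated on this host."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_list)
    except ssl.SSLError:
        return []   # none of the entries is known to this build
    # TLS 1.3 suites are listed too but are not governed by set_ciphers(); skip them.
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]


def audit_settings(snapshot: Dict[str, object]) -> List[str]:
    """Return a list of findings; an empty list means every check passed."""
    findings: List[str] = []
    for key in ("password_must_contain_lowercase", "password_must_contain_uppercase",
                "password_must_contain_digits", "cross_site_request_forgery_protection"):
        if not snapshot.get(key):
            findings.append(f"{key} is not enabled")
    timeout = snapshot.get("session_timeout_seconds")
    if not isinstance(timeout, int) or timeout <= 0 or timeout > MAX_SESSION_TIMEOUT:
        findings.append(f"session timeout {timeout!r} is not within 1..{MAX_SESSION_TIMEOUT} seconds")
    if snapshot.get("use_custom_http_headers"):
        findings.append("use_custom_http_headers is enabled; the tested default headers are not in effect")
    dumps = snapshot.get("dump_message_data") or {}
    for iface in DUMP_INTERFACES:
        if dumps.get(iface) != "Disabled":
            findings.append(f"dump message data on the {iface} interface is {dumps.get(iface)!r}; "
                            f"must be Disabled (PA-DSS requirement 2.3)")
    findings.extend(audit_cipher_list(str(snapshot.get("ssl_cipher_list", ""))))
    return findings


if __name__ == "__main__":
    for name, snap in (("compliant", COMPLIANT_SNAPSHOT), ("noncompliant", NONCOMPLIANT_SNAPSHOT)):
        print(f"{name}: {audit_settings(snap) or 'OK'}")
    print("suites this OpenSSL build can enable:", openssl_enabled_suites(EXPECTED_CIPHER_LIST))
```

Run the script against a snapshot exported from the system you are hardening; the noncompliant snapshot shows the kind of findings that surface a session timeout above 900 seconds, message dumping left enabled on one interface, and a cipher list that drifted from the documented one.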