There seems to be a belief these days that complying with the PCI standard is bound to be expensive and difficult to put in place. If you have a Linux system, this doesn’t have to be the case at all. However, while Linux is generally thought to be better for security, it still has weaknesses that a potential hacker could exploit, and knowing these weaknesses and how to deal with them can be crucial to the server administrator who wants to ensure that his systems and networks are PCI compliant.
With Linux security, knowing in advance what you are going to need to secure and making the right alterations in the right place can go a long way towards perfecting your security. Anyone who’s worked with PCI-DSS knows that truly enhancing the effectiveness of this system lies in a complete understanding of the risk factors. Generally speaking, I would say that limiting risk factors primarily lies in the realm of limiting access. Now, when I say limiting access, I’m not just talking about password security, but about even small lapses in security that could be used by a potential hacker.