A lot of effort goes into achieving PCI compliance for a network. Without going into huge detail I thought some of you would like to know the type of work we had to do to get the badge.
Implementation of secure LDAP cluster
This consists of a master server and three read-only slaves, the master server is locked down heavily and the read-only slaves are used for applications to authenticate against. All communication is authenticated and encrypted. All of our new systems have been moved over to authenticate against this LDAP cluster.
TACACS+ / RADIUS (2-Factor) authentication front ends
TACACS+ is an authentication protocol used by all our network equipment and passes authentication through to the LDAP cluster. This system was rebuilt to use encrypted communication, a well structured user/group system, and various security features.
RADIUS (2-Factor) was implemented to pass one factor of the authentication back to the LDAP cluster and the second factor back to a Yubi Key server so that Yubi Keys can be used.
Secure VPN, was implemented using