firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. Re: PCI DSS & Firewalls (Marcus J. Ranum)
2. Re: PCI DSS & Firewalls (Marcus J. Ranum)
----------------------------------------------------------------------
Message: 1
Date: Thu, 02 Apr 2009 09:54:35 -0500
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] PCI DSS & Firewalls
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <49D4D1AB.1050904@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Paul D. Robertson wrote:
> Is it just me, or do the PCI DSS "standards" for firewalls look like
> someone played "I have a CISSP" buzzword bingo?
It used to be said that there were two things you never wanted
to observe being manufactured: hot dogs and laws. I'd add a
third to that list - standards.
> Do the PCI folks _really_ think "stateful inspection" is the answer, and
> isn't that a Checkpoint trademark anyway?
Unfortunately for firewalls, the horse left the barn around
1996 and hasn't been seen since. My guess is that the authors
of the standard were thinking "Let's make sure that it's
at least something better than a screening router." Which
shows that, in general, almost nobody still gets the point.
mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
------------------------------
Message: 2
Date: Thu, 02 Apr 2009 09:57:09 -0500
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] PCI DSS & Firewalls
To: bwilliam13@windstream.net, Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <49D4D245.7090104@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Victor Williams wrote:
> PCI DSS is pretty sad. They could have taken another
> already-established standard with some brains behind it and adopted it
> instead...
What makes you think they didn't?
mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 36, Issue 3
***********************************************
No comments:
Post a Comment