Re: [fw-wiz] PCI DSS & Firewalls

Paul D. Robertson wrote:
Is it just me, or do the PCI DSS "standards" for firewalls look like someone played "I have a CISSP" buzzword bingo?

It used to be said that there were two things you never wanted
to observe being manufactured: hot dogs and laws. I'd add a
third to that list - standards.

Do the PCI folks _really_ think "stateful inspection" is the answer, and isn't that a Checkpoint trademark anyway?

Unfortunately for firewalls, the horse left the barn around
1996 and hasn't been seen since. My guess is that the authors
of the standard were thinking "Let's make sure that it's
at least something better than a screening router." Which
shows that, in general, almost nobody still gets the point.

Marcus J. Ranum
CSO, Tenable Network Security, Inc.
firewall-wizards mailing list