Re: [fw-wiz] PCI DSS & Firewalls
- From: "Marcus J. Ranum" <mjr@xxxxxxxxx>
- Date: Thu, 02 Apr 2009 09:54:35 -0500
Paul D. Robertson wrote:
Is it just me, or do the PCI DSS "standards" for firewalls look like someone played "I have a CISSP" buzzword bingo?
It used to be said that there were two things you never wanted
to observe being manufactured: hot dogs and laws. I'd add a
third to that list - standards.
Do the PCI folks _really_ think "stateful inspection" is the answer, and isn't that a Checkpoint trademark anyway?
Unfortunately for firewalls, the horse left the barn around
1996 and hasn't been seen since. My guess is that the authors
of the standard were thinking "Let's make sure that it's
at least something better than a screening router." Which
shows that, in general, almost nobody still gets the point.
mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenablesecurity.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- Re: [fw-wiz] PCI DSS & Firewalls
- From: R. DuFresne
- Re: [fw-wiz] PCI DSS & Firewalls
- References:
- [fw-wiz] PCI DSS & Firewalls
- From: Paul D. Robertson
- [fw-wiz] PCI DSS & Firewalls
- Prev by Date: Re: [fw-wiz] PCI DSS & Firewalls
- Next by Date: Re: [fw-wiz] PCI DSS & Firewalls
- Previous by thread: Re: [fw-wiz] PCI DSS & Firewalls
- Next by thread: Re: [fw-wiz] PCI DSS & Firewalls
- Index(es):
Relevant Pages
|
