Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure



> We are using linux-based servers as firewalls for PCI compliant
> infrastructure. During audits it has been OK so far but security
> people internally have suggested that maybe a commercial product would
> be better suited for PCI infrastructure (as it is pretty critical).

First things first: in PCI DSS, a firewall is a firewall is a
firewall. There is no preference for free or commercial ones. The only
criterion is "stateful" (somewhere in 1.1, if I recall correctly).

> What do you think, would a commercial firewall provide a tangible
> improvement in security?

Too close to being a religious debate.

> Is anyone else using linux-based firewalls for PCI (or otherwise
> sensitive) infrastructure?

Yes, I've seen people use iptables in 1.1 and in 1.4 (as a personal firewall).

--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Twitter: @anton_chuvakin
Google Voice: 510-771-7106
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


