Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure
- From: Anton Chuvakin <anton@xxxxxxxxxxxx>
- Date: Thu, 26 Nov 2009 18:08:21 -0800
We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been OK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).
First things first: in PCI DSS, a firewall is a firewall is a
firewall. There is no preference to free or commercial ones. The only
criteria is "stateful" (somewhere in 1.1, if I recall correctly)
What do you think, would a commercial firewall provide a tangible
improvement in security?
Too close to being a religious debate.
Is anyone else using linux-based firewalls for PCI (or otherwise
sensitive) infrastructure?
Yes, I've seen people use iptables in 1.1 and in 1.4 (as personal firewall)
--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Twitter: @anton_chuvakin
Google Voice: 510-771-7106
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- References:
- [fw-wiz] Using linux firewalls for PCI compliant infrastructure
- From: Siim Põder
- [fw-wiz] Using linux firewalls for PCI compliant infrastructure
- Prev by Date: Re: [fw-wiz] Message Labs
- Previous by thread: Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure
- Index(es):
Relevant Pages
|
