Using linux firewalls for PCI compliant infrastructure



Hi

We are using linux-based servers as firewalls for PCI compliant
infrastructure. During audits it has been AOK so far but security
people internally have suggested that maybe a commercial product would
be better suited for PCI infrastructure (as it is pretty critical).

I'm personally very happy with the iptables firewalls - we can use all
the standard components for firewalls that we use for everything else
(including standard administration methods, patching and so forth).

What do you think, would a commercial firewall provide a tangible
improvement in security?
Is anyone else using linux-based firewalls for PCI (or otherwise
sensitive) infrastructure?

Best regards,
Siim

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure
    ... During audits it has been OK so far but security ... be better suited for PCI infrastructure. ... I'm personally very happy with the iptables firewalls - we can use all ...
    (Firewall-Wizards)
  • [fw-wiz] Using linux firewalls for PCI compliant infrastructure
    ... During audits it has been OK so far but security ... be better suited for PCI infrastructure. ... I'm personally very happy with the iptables firewalls - we can use all ...
    (Firewall-Wizards)
  • Re: [fw-wiz] Using linux firewalls for PCI compliant infrastructure
    ... During audits it has been OK so far but security ... be better suited for PCI infrastructure. ... I'm personally very happy with the iptables firewalls - we can use all ...
    (Firewall-Wizards)
  • Re: Defense in Depth
    ... What is meant by "layers" of security, is this: the entry points that must be ... Physical Layer - Physical access to the resources. ... attacks and other attacks that go after the software itself. ... "layer" in one long chain (lots of firewalls). ...
    (Security-Basics)
  • RE: Wireless Security for Home Users
    ... for most home users to create and/or manage 2 firewalls and a DMZ. ... As with most network security, ... investigate additional security features available from the WAP ...
    (Security-Basics)