Educause Security Discussion mailing list archives
Re: Merchant services credit card project
From: Willis Marti <wmarti () TAMU EDU>
Date: Mon, 27 Jun 2005 07:11:51 -0500
OK. That's the definition I've been pushing. So the next question is (also part of the debate), what constitutes a firewall? Can it be host based (this was implied) or must it be a network appliance? Or, can it be router ACLs using the established keyword for providing basic stateful inspection protection?
The current guidance we've received is that if the credit card processing system *stores* CC data, one must have an external FW. Host-based FWs don't do NAT. If the system only does, for example, data entry, then a host FW may be ok. I don't see any technical difference between a "router" and a "firewall" if the functionality is equivalent. Cheers, Willis Marti Associate Director for Networking Computing & Information Services Texas A&M University
Current thread:
- Merchant services credit card project Theresa M Rowe (Jun 24)
- <Possible follow-ups>
- Re: Merchant services credit card project Scott Genung (Jun 26)
- Re: Merchant services credit card project Willis Marti (Jun 26)
- Re: Merchant services credit card project Scott Genung (Jun 26)
- Re: Merchant services credit card project Steve Bernard (Jun 26)
- Re: Merchant services credit card project Steve Bernard (Jun 26)
- Re: Merchant services credit card project Willis Marti (Jun 27)
- Re: Merchant services credit card project Willis Marti (Jun 27)
- Re: Merchant services credit card project Theresa M Rowe (Jun 27)