Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: "Marcus J. Ranum" <mjr () ranum com>
Date: Thu, 02 Apr 2009 09:54:35 -0500

Paul D. Robertson wrote:
> Is it just me, or do the PCI DSS "standards" for firewalls look like someone played "I have a CISSP" buzzword bingo?


It used to be said that there were two things you never wanted
to observe being manufactured: hot dogs and laws. I'd add a
third to that list - standards.


> Do the PCI folks _really_ think "stateful inspection" is the answer, and isn't that a Checkpoint trademark anyway?


Unfortunately for firewalls, the horse left the barn around
1996 and hasn't been seen since. My guess is that the authors
of the standard were thinking "Let's make sure that it's
at least something better than a screening router."  Which
shows that, in general, almost nobody still gets the point.

mjr.
--
Marcus J. Ranum         CSO, Tenable Network Security, Inc.
                        http://www.tenablesecurity.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

