Educause Security Discussion mailing list archives

Re: PCI and banks that use Akamai

From: Daniel Robert Adinolfi <dra1 () CORNELL EDU>
Date: Mon, 14 Jun 2010 12:43:01 -0400

On Jun 14, 2010, at 12:24, Flynn, Gary wrote:

How do you meet PCI regulations restricting desktops handling card data to banking sites if the banking sites use 
Akamai services and their IP addresses constantly change?


Greetings,

Depending on the firewall model, you may be able to restrict access based on fully qualified domain name instead of IP 
address/range.  SonicWalls can do this, for example.  We're doing this for allowing access to Windows Update servers 
and a few other dynamic sites in our PCI environment, and it seems to work fine.

Good luck.

-Dan


_________________
Daniel Adinolfi, CISSP
Senior Security Engineer, IT Security Office
Cornell University - Office of Information Technologies
email: dra1 () cornell edu   phone: 607-255-7657

Current thread:

PCI and banks that use Akamai Flynn, Gary (Jun 14)
- Re: PCI and banks that use Akamai Daniel Robert Adinolfi (Jun 14)
- Re: PCI and banks that use Akamai Valdis Kletnieks (Jun 14)
  - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)
    - Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
    - Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
    - Re: PCI and banks that use Akamai John Ladwig (Jun 14)

(Thread continues...)