Educause Security Discussion mailing list archives
Re: PCI and banks that use Akamai
From: Daniel Robert Adinolfi <dra1 () CORNELL EDU>
Date: Mon, 14 Jun 2010 12:43:01 -0400
On Jun 14, 2010, at 12:24, Flynn, Gary wrote:
How do you meet PCI regulations restricting desktops handling card data to banking sites if the banking sites use Akamai services and their IP addresses constantly change?
Greetings, Depending on the firewall model, you may be able to restrict access based on fully qualified domain name instead of IP address/range. SonicWalls can do this, for example. We're doing this for allowing access to Windows Update servers and a few other dynamic sites in our PCI environment, and it seems to work fine. Good luck. -Dan _________________ Daniel Adinolfi, CISSP Senior Security Engineer, IT Security Office Cornell University - Office of Information Technologies email: dra1 () cornell edu phone: 607-255-7657
Current thread:
- PCI and banks that use Akamai Flynn, Gary (Jun 14)
- Re: PCI and banks that use Akamai Daniel Robert Adinolfi (Jun 14)
- Re: PCI and banks that use Akamai Valdis Kletnieks (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)
- Re: PCI and banks that use Akamai Daniel, Jack (Jun 14)
- Re: PCI and banks that use Akamai John Ladwig (Jun 14)
- Re: PCI and banks that use Akamai Jeffrey Schiller (Jun 14)