Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: Chris Blask <chris () blask org>
Date: Thu, 2 Apr 2009 20:18:25 -0700 (PDT)


From: Paul D. Robertson <paul () compuwar net>
On Thu, 2 Apr 2009, Potter, Albert (Al) wrote:


Chris hits the nail on the head. 


Perhaps the most intelligent comment in recent decades... ;~)

.d.
No- the fine is what does that, the DSS is just the artifact with which to 
do it.  However as a "Standard" it's worse than ICSA Firewall testing 
criteria! ;-P

Now, Al's being nice to me, how can I respond to that?  Keep walking, nothing to see here!

Is it perfect?  No, but it is regularly revised (the DSS) and has a
mechanism to get better.

Not only is it not perfect, it's frankly about as bad as a document can 
get and claim to be a "Security Standard."  It *has* to have the mechanism 
to get better, it really would have to try to get any worse...  Are two 
revisions really "regularly revised?"


We have to keep in mind that we aren't just talking about securing networks where they have a Paul Analog (PA) on 
staff.  Even where they do have a PA on staff, most often he is banging his head against a brick wall of corporate 
resource management.  A good PA (or a good PCI consultant, QSA, whathaveyou) seizes on the opportunity to leverage the 
attention of the Great Purse Holders and have them pour some cash on worthy efforts that make the network more secure 
than it was previously.

*cough*
Isn't Verizon a QSA?
*cough*


You should really get that looked at, it could turn into pneumonia...

-woof!

-chris


      