Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 2 Apr 2009 22:51:55 -0500 (EST)

On Thu, 2 Apr 2009, Chris Blask wrote:

No- the fine is what does that, the DSS is just the artifact with which to 
do it.  However as a "Standard" it's worse than ICSA Firewall testing 
criteria! ;-P

Now, Al's being nice to me, how can I respond to that?  Keep walking, nothing to see here!

That's just me poking fun at Al - my fingers got into that pie too when I 
was at TruSecure...

We have to keep in mind that we aren't just talking about securing
networks where they have a Paul Analog (PA) on staff.  Even where they
do have a PA on staff, most often he is banging his head against a brick
wall of corporate resource management.  A good PA (or a good PCI
consultant, QSA, whathaveyou) seizes on the opportunity to leverage the
attention of the Great Purse Holders and have them pour some cash on
worthy efforts that make the network more secure than it was previously.

Once again, that doesn't relieve the PCI DSS folks of their responsibility 
to do a good job[tm].  See the posting from Victor Williams to see what 
folly lies in the obvious stuff that most of us came up with in minutes 
about where the flaws lie.

In fact, the fact that you don't have a PA means that training the staff 
that's there is more important, not less important- and one way to do that 
is with well-written, detailed and intelligent criteria.

The pouring cash on the problem thing is solved contractually with the 
fines- again, that's not germane to how poorly thought-out and written the 
criteria are.

*cough*
Isn't Verizon a QSA?
*cough*


You should really get that looked at, it could turn into pneumonia...

It's already laryngitis :(

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/

