Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: "Mark" <firewalladmin () bellsouth net>
Date: Mon, 6 Apr 2009 08:37:18 -0400

Brian Loe wrote:
" What I would VERY MUCH LIKE is a "checklist" like the first set of
instructions I got for (well, it's late and I can't remember the
acronym - and it's since been changed anyway - DoD crap)...."

Oh let me guess! Is it the STIG? Security Technical Implementation Guide? Oh
and now we have the infamous "DISA Gold" which will hit you with a bunch of
CAT 1&2 findings if the system is actually supposed to work. I've also
noticed that between the STIGs, checklists (there are checklists in
addition to the STIG and they are simply called Windows XP Security
Checklist or Desktop Applications Security Checklist, etc.) and FDCC there
are conflicting security measures, making it impossible to ever be "fully"
compliant. I will cite a simple example that I recall from the top of my
not-yet-balding head (paraphrased, not quoted):

Finding - You have more than one user in the Administrators group on the
computer. For best security, you should only have one user in the
Administrators group on a machine.

Finding - You do not have a backup Administrator account on the machine. For
best security, you should create a second Administrator account on the
computer and keep the password locked in a safe area so that, if no
Administrators are available, an authorized individual can still perform
administrative functions on the computer.

(Goes back to lurking - Mark)
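
The two paraphrased findings above, turned into a local audit as an added example (not code from the original post or from DISA). It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts module and an elevated session, and it treats a disabled local user that is still a member of Administrators as the "sealed envelope" backup account.

```powershell
# Added example: check one host against both paraphrased findings and report
# which one it fails. Assumes Get-LocalGroupMember / Get-LocalUser are available
# (Microsoft.PowerShell.LocalAccounts, Windows 10 / Server 2016 and later).
$members = Get-LocalGroupMember -Group 'Administrators'

# Finding 1 (paraphrased): more than one user in the local Administrators group.
# Nested groups are ignored here; only direct user principals are counted.
$userMembers = @($members | Where-Object { $_.ObjectClass -eq 'User' })
$failsFinding1 = $userMembers.Count -gt 1

# Finding 2 (paraphrased): no backup Administrator account on the machine.
# Match member SIDs back to local user objects so we can read the Enabled flag;
# domain users in the group will not match and are simply treated as active admins.
$localUsers = Get-LocalUser
$adminLocalUsers = foreach ($m in $userMembers) {
    $localUsers | Where-Object { $_.SID -eq $m.SID }
}
$backupAdmins = @($adminLocalUsers | Where-Object { -not $_.Enabled })
$failsFinding2 = $backupAdmins.Count -eq 0

# Both findings pass only when the sole user member is the disabled backup
# account, i.e. when nobody can actually administer the box interactively.
[pscustomobject]@{
    AdminUserMembers     = $userMembers.Count
    DisabledBackupAdmins = $backupAdmins.Count
    FailsFinding1        = $failsFinding1
    FailsFinding2        = $failsFinding2
    PassesBoth           = -not ($failsFinding1 -or $failsFinding2)
}
```

Run it on a freshly built workstation with one working admin plus a disabled backup account and it reports FailsFinding1 as true; remove the backup account and FailsFinding2 becomes true instead.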


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards