Firewall Wizards mailing list archives
Re: Using linux firewalls for PCI compliant infrastructure
From: Siim Põder <siim () p6drad-teel net>
Date: Wed, 25 Nov 2009 09:39:01 +0200
Hi Tracy Reed wrote:
I am. For PCI. No problem. Did the people who suggested something commercial provide any good quantifiable reasons or was it simply cargo-cult network security?
IMO, mostly the latter (the cargo cult one): 1) Commercial vendors are sometimes certified to be secure 2) Lot's of people are using commercial firewalls for critical infrastructure and hence they are better tested 3) Commercial vendor can be pushed to produce patches for problems We currently have iptables on central firewalls and mod_security doing application level filtering on webservers themselves. It was suggested that a firewall doing SSL termination and content inspection would be better because it would have better application-level rulesets (namely, protection from common DOS bots was mentioned). Generally, I dont think they make a very good case. However, I promised to ask if there are any other shops using open source firewalls out there. Maybe they are just worried to be on the boat alone :) Thanks for your comments! Siim _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Using linux firewalls for PCI compliant infrastructure Siim Põder (Nov 24)
- Re: Using linux firewalls for PCI compliant infrastructure Paul D. Robertson (Nov 24)
- Re: Using linux firewalls for PCI compliant infrastructure Tracy Reed (Nov 24)
- Re: Using linux firewalls for PCI compliant infrastructure Siim Põder (Nov 25)
- Re: Using linux firewalls for PCI compliant infrastructure Victor Williams (Nov 25)
- Re: Using linux firewalls for PCI compliant infrastructure Marcin Antkiewicz (Nov 25)
- Re: Using linux firewalls for PCI compliant infrastructure Siim Põder (Nov 25)
- Re: Using linux firewalls for PCI compliant infrastructure Skip Carter (Nov 25)
- Re: Using linux firewalls for PCI compliant infrastructure Kurt Buff (Nov 27)
- Re: Using linux firewalls for PCI compliant infrastructure Anton Chuvakin (Nov 27)