Penetration Testing mailing list archives
Using linux firewalls for PCI compliant infrastructure
From: Siim Põder <siim () p6drad-teel net>
Date: Fri, 20 Nov 2009 19:05:48 +0200
Hi We are using linux-based servers as firewalls for PCI compliant infrastructure. During audits it has been AOK so far but security people internally have suggested that maybe a commercial product would be better suited for PCI infrastructure (as it is pretty critical). I'm personally very happy with the iptables firewalls - we can use all the standard components for firewalls that we use for everything else (including standard administration methods, patching and so forth). What do you think, would a commercial firewall provide a tangible improvement in security? Is anyone else using linux-based firewalls for PCI (or otherwise sensitive) infrastructure? Best regards, Siim ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Using linux firewalls for PCI compliant infrastructure Siim Põder (Nov 23)