Security Basics mailing list archives

Re: Re: Firewalls and PCI


From: "Josh Haft" <pacmansyu () gmail com>
Date: Wed, 16 Jan 2008 16:34:52 -0600

So the question remains... how do PCI regulations directly affect the
segmenting of networks, if at all?



On 16 Jan 2008 19:58:44 -0000,  <evilwon12 () yahoo com> wrote:
The assumption of items being untrustworthy is good; however, it is a bit overboard to state that a DHCP network is more untrustworthy than one with purely static IP addresses.


If a bad guy has physical access to machines on, or access to, your PCI network, nothing else matters. The mission to protect data has failed. This has nothing to do with DHCP, hard coding addresses to MAC addresses or using 802.1x (although this is much better). In places that I have been, people have had to badge into the building, pass a security guard with a picture badge, and then badge into the door to get into the area with the PCI network (segmented from other corporate networks).


Segmenting out the network is a good thing if you are dealing with PCI, if it is done properly. The key with it is to properly segment it while still ensuring business functionality.


