Security Basics mailing list archives

RE: PCI-DSS and IPS


From: Steve Majot <steve () tcpstream com>
Date: Fri, 20 Feb 2009 09:50:31 -0700

Requirement 11.4 of PCI DSS 1.2: 

Use intrusion-detection systems,
and/or intrusion-prevention systems to
monitor all traffic in the cardholder data
environment and alert personnel to
suspected compromises. Keep all
intrusion-detection and prevention
engines up-to-date. 

The goal here is to monitor traffic for anything that might present a
threat to PCI scoped data. I doubt an auditor will fault you for using a
UTM appliance as opposed to standalone firewall and IPS devices. Keep in
mind UTM signature sets are frequently leaner than those used by dedicated
IDS/IPS appliances. If you do go with a UTM at the edge, you might consider
utilizing open source IDS/IPS solutions at key locations on the inside as
well. 

https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html


Steve 


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of raimarm () gmail com
Sent: Friday, February 20, 2009 4:20 AM
To: security-basics () securityfocus com
Subject: PCI-DSS and IPS

Hi All,
I am a technically oriented guy and not sure about my following question.
Is an IPS system in regards to PCI-DSS obligatory?
If yes, would it be possible to take a FW with IPS functionality
rather than buy a dedicated IPS (like deep-inspection, smart-defense and
the like).
Many Thanks
rm

