Educause Security Discussion mailing list archives

Re: Merchant services credit card project


From: Scott Genung <sagenung () ILSTU EDU>
Date: Sun, 26 Jun 2005 22:51:38 -0500

Willis,

OK. That's the definition I've been pushing. So the next question is (also
part of the debate), what constitutes a firewall? Can it be host based
(this was implied) or must it be a network appliance? Or, can it be router
ACLs using the established keyword for providing basic stateful inspection
protection?

At 10:19 PM 6/26/2005, Willis Marti wrote:
> For example, the term public facing (used in the
> self assessment) is something that we don't seem to agree on here. Does
> this mean the public Internet or basically anyone (including campus users)
> that interfaces to the front-end transaction gateway?

 We have about 10 different processing sites physically on our main campus.
Our understanding is that for each processing system, I have to establish a
demarcation point, using a firewall that does NAT, such that all traffic to
a credit card system flows through that firewall. Any system "behind" the
firewall must be covered by the assessment. Anything outside that firewall
is the public. So we have a campus (and some departmental) firewall, but we
also have a firewall in front of every processing system. Our residence halls,
for example, are behind the campus firewall, but are "public" compared to any
of the card processing systems.

Cheers,
 Willis Marti
 Associate Director for Networking
 Computing & Information Services
 Texas A&M University


Scott Genung
Manager of Networking Systems
Telecommunications and Networking
Illinois State University
124 Julian Hall
Normal, IL 61790-3500

sagenung () ilstu edu
Phone: (309)438-7258
Web: http://www.tel.ilstu.edu
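
Added example, not part of the original messages: a small Python model of the difference the question above turns on, comparing how a Cisco-style `established` ACL entry (which matches any TCP segment with ACK or RST set) and a connection-tracking firewall judge the same inbound segments. The `Seg` and `StateTable` names and all addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Seg:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. {"SYN", "ACK"}

def acl_established(seg):
    """Model of 'permit tcp any any established': looks at flags only."""
    return bool(seg.flags & {"ACK", "RST"})

class StateTable:
    """Minimal connection tracking: inbound is allowed only for flows
    that an inside host opened first (hypothetical, simplified)."""
    def __init__(self):
        self.flows = set()

    def outbound(self, seg):
        if seg.flags == frozenset({"SYN"}):
            self.flows.add((seg.src, seg.sport, seg.dst, seg.dport))

    def inbound(self, seg):
        return (seg.dst, seg.dport, seg.src, seg.sport) in self.flows

def compare(inbound, outbound):
    """Return (acl_verdict, stateful_verdict) for each inbound segment."""
    table = StateTable()
    for seg in outbound:
        table.outbound(seg)
    return [(acl_established(s), table.inbound(s)) for s in inbound]

# Constructed sample traffic (RFC 1918 / RFC 5737 addresses).
CARD_HOST = "10.0.0.5"
OUT = [Seg(CARD_HOST, 40000, "192.0.2.10", 443, frozenset({"SYN"}))]
IN = [
    Seg("192.0.2.10", 443, CARD_HOST, 40000, frozenset({"SYN", "ACK"})),  # reply to tracked flow
    Seg("198.51.100.7", 443, CARD_HOST, 40001, frozenset({"ACK"})),       # ACK with no prior flow
    Seg("198.51.100.7", 5555, CARD_HOST, 22, frozenset({"SYN"})),         # new inbound connection
]
RESULTS = compare(IN, OUT)

if __name__ == "__main__":
    for seg, (acl, stateful) in zip(IN, RESULTS):
        print(f"{seg.src}:{seg.sport} -> {seg.dst}:{seg.dport} "
              f"{sorted(seg.flags)} acl={acl} stateful={stateful}")
```

The second segment is where the two differ: the flag-based match permits it, while the state table drops it because no inside host opened that flow.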
