Firewall Wizards mailing list archives

Re: PCI DSS & Firewalls


From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 2 Apr 2009 12:41:04 -0500 (EST)

On Thu, 2 Apr 2009, Chris Blask wrote:

> piece of serious substance in there somewhere.  It is - at best - the
> morning of a one-day Network Security For Idiots class (maybe the first
> hour) and the folks writing it are a thousand times more interested in
> not doing anything that could lead to them being sued than they are
> about creating actual security.  But we need to set baseline standards

That's the point- if it were more well-written and had depth, it would be 
more than the "Don't get sued" checklist, it'd be a move forward to 
achieving security, and the point is supposed to be about DLP for CC info, 
not not getting sued, so it's already lost at some level.  Great synopsis 
though!

> in industry as a whole somehow and whatever we can get people to
> reliably follow is a better start than a more laudable standard that is
> ignored.

Contractually, it can't be ignored without great peril, so that's a bad 
excuse for them not doing better.

> > I also agree with Marcus that it's the Pen Tester's Employment Security
> > Act..


> Oh, it is.  And even there, having more Pen Testing done in the world is
> itself a move in a positive direction, so that's a good thing by any
> metric.

If you're a pen tester.  I can set up a gazillion systems with holes that 
a pen test won't ever find- pen testing as a stipulated requirement is 
silly- there are lots of ways to ensure your security that actually work, 
pen testing at best should be an option in conjunction with stronger 
methods like configuration auditing of security devices.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://PaulDRobertson.imagekind.com/
