Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: "Paul D. Robertson" <paul () compuwar net>
Date: Thu, 2 Apr 2009 12:41:04 -0500 (EST)
On Thu, 2 Apr 2009, Chris Blask wrote:
> piece of serious substance in there somewhere. It is - at best - the morning of a one-day Network Security For Idiots class (maybe the first hour) and the folks writing it are a thousand times more interested in not doing anything that could lead to them being sued than they are about creating actual security. But we need to set baseline standards
That's the point- if it were better written and had depth, it would be more than the "Don't get sued" checklist, it'd be a move forward to achieving security, and the point is supposed to be about DLP for CC info, not not getting sued, so it's already lost at some level. Great synopsis though!
> in industry as a whole somehow and whatever we can get people to reliably follow is a better start than a more laudable standard that is ignored.
Contractually, it can't be ignored without great peril, so that's a bad excuse for them not doing better.
> > I also agree with Marcus that it's the Pen Tester's Employment Security Act..
>
> Oh, it is. And even there, having more Pen Testing done in the world is itself a move in a positive direction, so that's a good thing by any metric.

If you're a pen tester. I can set up a gazillion systems with holes that a pen test won't ever find- pen testing as a stipulated requirement is silly- there are lots of ways to ensure your security that actually work, pen testing at best should be an option in conjunction with stronger methods like configuration auditing of security devices.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net    which may have no basis whatsoever in fact."
Moderator: Firewall-Wizards mailing list
Art: http://PaulDRobertson.imagekind.com/
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
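A small illustration of the configuration auditing Paul contrasts with pen testing, added here as an example and not code from the original post or from anyone on the list. It parses a constructed iptables-save dump in front of an assumed cardholder-data segment (10.10.20.0/24, with tcp/443 from anywhere as an assumed documented exception) and flags three things a black-box test from a single source address would not exercise: a rule that opens the whole segment to one specific source, a management port reachable from any address, and an ACCEPT shadowed by the DROP above it, which is dead today but becomes live the moment someone reorders the rules.

```python
"""Audit an iptables-save dump for holes a black-box pen test would miss.

Added example, not code from the original post. The rule set, the
cardholder-data scope (10.10.20.0/24) and the single documented
exception (tcp/443 from anywhere) are all assumptions made up for this
illustration.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a FORWARD chain guarding an assumed CDE segment.
SAMPLE_RULESET = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 203.0.113.0/24 -d 10.10.20.5/32 -p tcp --dport 443 -j ACCEPT
-A FORWARD -s 198.51.100.77/32 -d 10.10.20.0/24 -j ACCEPT
-A FORWARD -d 10.10.20.5/32 -p tcp --dport 1433 -j DROP
-A FORWARD -d 10.10.20.5/32 -p tcp --dport 1433 -j ACCEPT
-A FORWARD -d 10.10.20.9/32 -p tcp --dport 22 -j ACCEPT
COMMIT
"""

CDE = ipaddress.ip_network("10.10.20.0/24")        # assumed in-scope segment
ANY = ipaddress.ip_network("0.0.0.0/0")
ALLOWED_FROM_ANYWHERE = {("tcp", 443)}             # assumed documented exception

RULE_RE = re.compile(r"^-A (\S+)(.*)-j (\S+)\s*$")
OPT_RE = re.compile(r"(-s|-d|-p|--dport)\s+(\S+)")


@dataclass
class Rule:
    line: int
    chain: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: Optional[str]
    dport: Optional[int]
    target: str


def parse_rules(text):
    """Parse '-A CHAIN ... -j TARGET' lines; absent -s/-d mean 'any'."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        opts = dict(OPT_RE.findall(m.group(2)))
        rules.append(Rule(
            line=n, chain=m.group(1),
            src=ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False),
            dst=ipaddress.ip_network(opts.get("-d", "0.0.0.0/0"), strict=False),
            proto=opts.get("-p"),
            dport=int(opts["--dport"]) if "--dport" in opts else None,
            target=m.group(3)))
    return rules


def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.proto in (None, b.proto)
            and a.dport in (None, b.dport))


def audit(rules):
    """Return (line, kind, detail) findings for rules into the CDE."""
    findings, seen = [], []
    for r in rules:
        # A rule fully covered by an earlier rule in its chain never fires;
        # a scan sees only the earlier verdict, a config audit sees both.
        shadow = next((e for e in seen if e.chain == r.chain and covers(e, r)), None)
        if shadow:
            findings.append((r.line, "shadowed",
                             f"line {shadow.line} ({shadow.target}) matches first"))
        seen.append(r)
        if r.target != "ACCEPT" or not r.dst.overlaps(CDE):
            continue
        latent = "latent-" if shadow else ""   # dead today, live after a reorder
        if r.proto is None and r.dport is None:
            # One source gets every port on the segment; a tester coming from
            # any other address never sees this rule.
            findings.append((r.line, latent + "any-service",
                             f"{r.src} reaches {r.dst} on every protocol and port"))
        elif r.src == ANY and (r.proto, r.dport) not in ALLOWED_FROM_ANYWHERE:
            findings.append((r.line, latent + "world-reachable",
                             f"{r.proto}/{r.dport} on {r.dst} is open to any source"))
    return findings


if __name__ == "__main__":
    for line, kind, detail in audit(parse_rules(SAMPLE_RULESET)):
        print(f"line {line}: {kind}: {detail}")
```

Run against the constructed dump it reports the 198.51.100.77 rule as any-service, the 1433 ACCEPT as both shadowed and a latent world-reachable hole, and the SSH rule as world-reachable. A scanner on the Internet would see only the 443 listener and whatever happens to be up on 10.10.20.9, which is the gap between a rule-set audit and a pen test that the post is pointing at.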