Re: PCI DSS & Firewalls

[jseymour () linxnet com (Jim Seymour)]

I haven't read this thing, but...

"Paul D. Robertson" <paul () compuwar net> wrote:
> does a small compay 
> with 5 servers *really* need to seperate every single function onto its 
> own system?
[snip]

"Small company?"  *Any* company.  Yeah, some operating platforms don't
handle walking and chewing gum at the same time well, but others do.
So now somebody's saying that I need to take tried-and-true solutions
that have been both economical and have worked well for years, and
increase both the cost and complexity of my network services
because...?

I've got a box here that is usually just loafing along while playing:

    . Main fileserver of 1TB+ - both NFS and SMB
    . Primary DNS
    . LAN DHCP/BOOTP server
    . Primary LDAP server
    . WLAN RADIUS server
    . Internal NTP server
    . SQL (PostgreSQL and MySQL) servers
    . Intranet (web) server
    . Primary inside mailserver (incl. POP3)
    . Print server
    . "Root" for internal self-signed certs
    . TFTP server
    . Internal FTP server
    . CVS server

Thing runs 24x7x52 and so far has only come down for power failures
that exceeded the UPS' capacity, patches or to occasionally haul it out
back to blow the dust out.

Like I said: I haven't read the docs to which this thread refers, but
if I'm inferring from Paul's comment correctly: This thing is
suggesting I'd have to replace this one under-loaded server with... 14
or more?!?!  Good luck convincing my management of that!

Regards,
Jim
-- 
Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.linxnet.com/contact/scform.php>.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards