WTF is a Managed Firewall?
-
title says it all; Aren't all Firewalls Managed???
-
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ... -
It could be managed by you or could be outsourced, ie. managed router from ISP. Is your credit card processor pushing this on you?
-
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
-
@scotth said in WTF is a Managed Firewall?:
It could be managed by you or could be outsourced, ie. managed router from ISP. Is your credit card processor pushing this on you?
Yes, something about needing a managed firewall to be in Compliance
-
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
Don't care about what you were 'told.' Go look it up yourself... then you'll know what the actual rule states.
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
Don't care about what you were 'told.' Go look it up yourself... then you'll know what the actual rule states.
I pulled that from my notes from that class ...
-
@WrCombs said in WTF is a Managed Firewall?:
@scotth said in WTF is a Managed Firewall?:
It could be managed by you or could be outsourced, ie. managed router from ISP. Is your credit card processor pushing this on you?
Yes, something about needing a managed firewall to be in Compliance
Not surprised. We have a hybrid environment with regard to our processors. They piggy back on our network and have internet access through our modem. They open a hole for us to do backoffice work locked down to specific IPs in our HQ and to a single PC on site. The remainder of our network is ours and is behind our firewall. I'm quite leery about giving our processor / brand franchiser total control over our devices, numbers, communications, phones, cameras, .... You get the picture.
Oh and @Dashrender is right. Very right.
-
-
this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/
-
-
-
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
-
@WrCombs said in WTF is a Managed Firewall?:
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.
-
In our case, no we don't have to oursource our firewall management. We can, however, choose to opt in to a total package and allow the 3rd party contracted by the processor or brand to manage our firewalls... for a fee, of course. I can tell you, it's not cheap. If they manage the POS and everything involved with it, and we manage the remainder of the site, they are still responsible for secure transactions and remediation.
-
@IRJ said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.
thats what im thinking
-
This blog post - while not the actual law - seems to talk about several of the requirements.
https://www.securitymetrics.com/blog/firewall-pci-compliance-5-things-youre-doing-wrong@WrCombs said in WTF is a Managed Firewall?:
this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/
This is still not the actual PCI compliance regulation...
-
@Dashrender said in WTF is a Managed Firewall?:
This is still not the actual PCI compliance regulation...
To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.
-
@DustinB3403 said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
This is still not the actual PCI compliance regulation...
To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.
lol - great, actually, let's hope it is, that's so much easier to manage
