Security Basics mailing list archives

Re: Re: Firewalls and PCI


From: evilwon12 () yahoo com
Date: 16 Jan 2008 19:58:44 -0000

The assumption of items being untrustworthy is good; however, it is a bit overboard to state that a DHCP network is more 
untrustworthy than one with purely static IP addresses.

If a bad guy has physical access to machines on, or access to your PCI network, nothing else matters.  The mission to 
protect data has failed.  This has nothing to do with DHCP, hard coding addresses to MAC addresses or using 802.1x 
(although this is much better).  In places that I have been, people have had to badge into the building, pass a 
security guard with a picture badge, and then badge into the door to get into the area with the PCI network (segmented 
from other corporate networks).

Segmenting out the network is a good thing if you are dealing with PCI, if it is done properly.  The key with it is to 
properly segment it while still ensuring business functionality.

