ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    WTF is a Managed Firewall?

    Scheduled Pinned Locked Moved Water Closet
    firewallsmanagedfirewallwtf
    65 Posts 8 Posters 6.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • IRJI
      IRJ
      last edited by

      https://lmddgtfy.net/?q=managed firewall pci compliance

      WrCombsW 1 Reply Last reply Reply Quote 1
      • WrCombsW
        WrCombs
        last edited by

        this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/

        3ZO0Rvu.png

        1 Reply Last reply Reply Quote 0
        • WrCombsW
          WrCombs @IRJ
          last edited by

          @IRJ said in WTF is a Managed Firewall?:

          https://lmddgtfy.net/?q=managed firewall pci compliance

          that was cool .

          IRJI 1 Reply Last reply Reply Quote 0
          • IRJI
            IRJ @WrCombs
            last edited by

            @WrCombs

            https://www.securitymetrics.com/blog/getting-compliant-pci-requirement-1-basics-managing-your-firewall

            1 Reply Last reply Reply Quote 0
            • WrCombsW
              WrCombs
              last edited by

              and this one says:
              https://www.pcidss.com/listing-category/managed-firewall-services/

              A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).

              IRJI scottalanmillerS 3 Replies Last reply Reply Quote 0
              • IRJI
                IRJ @WrCombs
                last edited by

                @WrCombs said in WTF is a Managed Firewall?:

                and this one says:
                https://www.pcidss.com/listing-category/managed-firewall-services/

                A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).

                I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.

                WrCombsW 1 Reply Last reply Reply Quote 0
                • S
                  scotth
                  last edited by

                  In our case, no we don't have to oursource our firewall management. We can, however, choose to opt in to a total package and allow the 3rd party contracted by the processor or brand to manage our firewalls... for a fee, of course. I can tell you, it's not cheap. If they manage the POS and everything involved with it, and we manage the remainder of the site, they are still responsible for secure transactions and remediation.

                  1 Reply Last reply Reply Quote 0
                  • WrCombsW
                    WrCombs @IRJ
                    last edited by

                    @IRJ said in WTF is a Managed Firewall?:

                    @WrCombs said in WTF is a Managed Firewall?:

                    and this one says:
                    https://www.pcidss.com/listing-category/managed-firewall-services/

                    A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).

                    I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.

                    thats what im thinking

                    1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender
                      last edited by

                      This blog post - while not the actual law - seems to talk about several of the requirements.
                      https://www.securitymetrics.com/blog/firewall-pci-compliance-5-things-youre-doing-wrong

                      @WrCombs said in WTF is a Managed Firewall?:

                      this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/

                      3ZO0Rvu.png

                      This is still not the actual PCI compliance regulation...

                      DustinB3403D 1 Reply Last reply Reply Quote 0
                      • DustinB3403D
                        DustinB3403 @Dashrender
                        last edited by

                        @Dashrender said in WTF is a Managed Firewall?:

                        This is still not the actual PCI compliance regulation...

                        To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

                        DashrenderD 1 Reply Last reply Reply Quote 2
                        • DashrenderD
                          Dashrender @DustinB3403
                          last edited by

                          @DustinB3403 said in WTF is a Managed Firewall?:

                          @Dashrender said in WTF is a Managed Firewall?:

                          This is still not the actual PCI compliance regulation...

                          To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

                          lol - great, actually, let's hope it is, that's so much easier to manage 😉

                          WrCombsW 1 Reply Last reply Reply Quote 1
                          • WrCombsW
                            WrCombs @Dashrender
                            last edited by

                            @Dashrender said in WTF is a Managed Firewall?:

                            @DustinB3403 said in WTF is a Managed Firewall?:

                            @Dashrender said in WTF is a Managed Firewall?:

                            This is still not the actual PCI compliance regulation...

                            To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

                            lol - great, actually, let's hope it is, that's so much easier to manage 😉

                            I've sited 3 different things, along with @IRJ
                            the guileline outlined in my post says "Must install and maintain Firewall"

                            Nothing about a managed firewall.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @WrCombs
                              last edited by

                              @WrCombs said in WTF is a Managed Firewall?:

                              title says it all; Aren't all Firewalls Managed???

                              No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                              WrCombsW 1 Reply Last reply Reply Quote 0
                              • WrCombsW
                                WrCombs @scottalanmiller
                                last edited by

                                @scottalanmiller said in WTF is a Managed Firewall?:

                                @WrCombs said in WTF is a Managed Firewall?:

                                title says it all; Aren't all Firewalls Managed???

                                No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                                so we have to hire a company to manage our firewall?

                                S DashrenderD scottalanmillerS 3 Replies Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch
                                  last edited by JaredBusch

                                  Official website of the PCI Security Standards Council: https://www.pcisecuritystandards.org/document_library

                                  1 Reply Last reply Reply Quote 1
                                  • S
                                    scotth @WrCombs
                                    last edited by

                                    @WrCombs said in WTF is a Managed Firewall?:

                                    @scottalanmiller said in WTF is a Managed Firewall?:

                                    @WrCombs said in WTF is a Managed Firewall?:

                                    title says it all; Aren't all Firewalls Managed???

                                    No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                                    so we have to hire a company to manage our firewall?

                                    No

                                    1 Reply Last reply Reply Quote 0
                                    • JaredBuschJ
                                      JaredBusch
                                      last edited by

                                      https://www.pcisecuritystandards.org/pci_security/glossary#F

                                      245f8812-21e9-4ae7-858a-d671e4f2e213-image.png

                                      https://www.pcisecuritystandards.org/pci_security/glossary#M

                                      9a88d1a8-4ce4-4497-a10e-9515be32b051-image.png

                                      DashrenderD 1 Reply Last reply Reply Quote 0
                                      • S
                                        scotth
                                        last edited by

                                        Earlier, he mentioned that his company's payment processor was pushing this on them.

                                        WrCombsW scottalanmillerS 2 Replies Last reply Reply Quote 0
                                        • WrCombsW
                                          WrCombs @scotth
                                          last edited by

                                          @scotth said in WTF is a Managed Firewall?:

                                          Earlier, he mentioned that his company's payment processor was pushing this on them.

                                          Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.

                                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                                          • DashrenderD
                                            Dashrender @WrCombs
                                            last edited by

                                            @WrCombs said in WTF is a Managed Firewall?:

                                            @scottalanmiller said in WTF is a Managed Firewall?:

                                            @WrCombs said in WTF is a Managed Firewall?:

                                            title says it all; Aren't all Firewalls Managed???

                                            No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                                            so we have to hire a company to manage our firewall?

                                            No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.

                                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 3 / 4
                                            • First post
                                              Last post