WTF is a Managed Firewall?
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No
-
-
Earlier, he mentioned that his company's payment processor was pushing this on them.
-
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
Managed Firewall = A firewall with a managed service.
You don't need it, but if you want to call it that, then yes.
It's like having a "hosted server" and asking "what's a hosted server", and the answer is "a server someone hosts for you." Does that mean that you need one? No, you can just use a server normally.
-
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Then yes, this implies that the payment process doesn't consider any of their customers to be capable to manage a firewall. Says something about what the payment processor thinks of itself, but they probably know best.
-
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
-
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
That is a glossary. not the specifications.
-
@WrCombs said in WTF is a Managed Firewall?:
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
Yes you can, someone is just full of shit trying to sell you something.
As always... do as you are told, but recognize when someone is full of crap and making up am implausible lie. Don't repeat obvious lies as if they were true, but accept that your business is run by idiots who don't know what is plausible, what is true, etc.
So YOUR business must now believe this, so let it go. They've decided to say anything to justify doing what they want. It's that simple. It's not your place at work to disagree. But outside of work, don't act like this as any foundation in reality. It's purely made up.
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.
The problem here is that it's not a technical term, it's a marketing term. One used almost exclusively by ISPs. So you can't manage it yourself and claim to be doing this, that doesn't fit any standard use of the term.
-
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
-
It's a pure money grab. You have to buy this from us or we'll shut you off, because gubament
-
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly. -
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
Nothing you linked was from the official website for the PCI Security Standards Council
-
@WrCombs said in WTF is a Managed Firewall?:
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
They listed a requirement?
-
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
Yes you can, someone is just full of shit trying to sell you something.
As always... do as you are told, but recognize when someone is full of crap and making up am implausible lie. Don't repeat obvious lies as if they were true, but accept that your business is run by idiots who don't know what is plausible, what is true, etc.
So YOUR business must now believe this, so let it go. They've decided to say anything to justify doing what they want. It's that simple. It's not your place at work to disagree. But outside of work, don't act like this as any foundation in reality. It's purely made up.
You say this - but did you see where he said that his boss said
Basically just told my boss that I'll handle the "Managed firewall" for the company, but we're doing it my way with the equipment i tell you to buy.
So now the boss is is confused - the boss said need 'managed firewall' which means they have to hire this to someone else to support/manage (according to you) yet, in that same sentence he's told that he will be the one handling it, but using the equipment the boss dictates.
Actually in reading that, I guess there is no contradiction... @WrCombs just gets to bet the point of contact for the company he decides to hire to manage the firewall the boss buys... Ok.. easy. -
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
This proves that the class was not official, or legit. This is something so basic, no instructor could reasonably claim to understand what he was saying and repeat these words. Either the instructor doesn't understand PCI basics, or doesn't know what a managed firewall means in the industry.
No matter what, it indicates that the class was BS.
-
@WrCombs said in WTF is a Managed Firewall?:
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly.Why would they have to pay you differently than they are now? You are already being paid. You're hourly, if you are working on the firewall, you're just getting your normal hourly rate. Just like the rest of us here.
-
@JaredBusch said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
Nothing you linked was from the official website for the PCI Security Standards Council
Because I got busy with calls I didn't have the chance to post it.