WTF is a Managed Firewall?
-
this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/
-
-
-
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
-
@WrCombs said in WTF is a Managed Firewall?:
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.
-
In our case, no we don't have to oursource our firewall management. We can, however, choose to opt in to a total package and allow the 3rd party contracted by the processor or brand to manage our firewalls... for a fee, of course. I can tell you, it's not cheap. If they manage the POS and everything involved with it, and we manage the remainder of the site, they are still responsible for secure transactions and remediation.
-
@IRJ said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
I am not an expert at PCI Compliance, but from what I am reading I dont think it has to be outsourced. I could be wrong though. I think you have to have frequent audits which they count as managed.
thats what im thinking
-
This blog post - while not the actual law - seems to talk about several of the requirements.
https://www.securitymetrics.com/blog/firewall-pci-compliance-5-things-youre-doing-wrong@WrCombs said in WTF is a Managed Firewall?:
this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/
This is still not the actual PCI compliance regulation...
-
@Dashrender said in WTF is a Managed Firewall?:
This is still not the actual PCI compliance regulation...
To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.
-
@DustinB3403 said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
This is still not the actual PCI compliance regulation...
To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.
lol - great, actually, let's hope it is, that's so much easier to manage
-
@Dashrender said in WTF is a Managed Firewall?:
@DustinB3403 said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
This is still not the actual PCI compliance regulation...
To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.
lol - great, actually, let's hope it is, that's so much easier to manage
I've sited 3 different things, along with @IRJ
the guileline outlined in my post says "Must install and maintain Firewall"Nothing about a managed firewall.
-
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
-
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
-
Official website of the PCI Security Standards Council: https://www.pcisecuritystandards.org/document_library
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No
-
-
Earlier, he mentioned that his company's payment processor was pushing this on them.
-
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
Managed Firewall = A firewall with a managed service.
You don't need it, but if you want to call it that, then yes.
It's like having a "hosted server" and asking "what's a hosted server", and the answer is "a server someone hosts for you." Does that mean that you need one? No, you can just use a server normally.