ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    WTF is a Managed Firewall?

    Scheduled Pinned Locked Moved Water Closet
    firewallsmanagedfirewallwtf
    65 Posts 8 Posters 4.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • DashrenderD
      Dashrender
      last edited by

      This blog post - while not the actual law - seems to talk about several of the requirements.
      https://www.securitymetrics.com/blog/firewall-pci-compliance-5-things-youre-doing-wrong

      @WrCombs said in WTF is a Managed Firewall?:

      this what I found @Dashrender From this website:https://blog.rsisecurity.com/pci-compliance-firewall-requirements-pci-dss-req-1/

      3ZO0Rvu.png

      This is still not the actual PCI compliance regulation...

      DustinB3403D 1 Reply Last reply Reply Quote 0
      • DustinB3403D
        DustinB3403 @Dashrender
        last edited by

        @Dashrender said in WTF is a Managed Firewall?:

        This is still not the actual PCI compliance regulation...

        To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

        DashrenderD 1 Reply Last reply Reply Quote 2
        • DashrenderD
          Dashrender @DustinB3403
          last edited by

          @DustinB3403 said in WTF is a Managed Firewall?:

          @Dashrender said in WTF is a Managed Firewall?:

          This is still not the actual PCI compliance regulation...

          To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

          lol - great, actually, let's hope it is, that's so much easier to manage 😉

          WrCombsW 1 Reply Last reply Reply Quote 1
          • WrCombsW
            WrCombs @Dashrender
            last edited by

            @Dashrender said in WTF is a Managed Firewall?:

            @DustinB3403 said in WTF is a Managed Firewall?:

            @Dashrender said in WTF is a Managed Firewall?:

            This is still not the actual PCI compliance regulation...

            To be fair the actual regulation could state that you need a literal wall of fire being managed by someone who keeps it burning by throwing gasoline and wood onto it.

            lol - great, actually, let's hope it is, that's so much easier to manage 😉

            I've sited 3 different things, along with @IRJ
            the guileline outlined in my post says "Must install and maintain Firewall"

            Nothing about a managed firewall.

            scottalanmillerS 1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @WrCombs
              last edited by

              @WrCombs said in WTF is a Managed Firewall?:

              title says it all; Aren't all Firewalls Managed???

              No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

              WrCombsW 1 Reply Last reply Reply Quote 0
              • WrCombsW
                WrCombs @scottalanmiller
                last edited by

                @scottalanmiller said in WTF is a Managed Firewall?:

                @WrCombs said in WTF is a Managed Firewall?:

                title says it all; Aren't all Firewalls Managed???

                No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                so we have to hire a company to manage our firewall?

                S DashrenderD scottalanmillerS 3 Replies Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch
                  last edited by JaredBusch

                  Official website of the PCI Security Standards Council: https://www.pcisecuritystandards.org/document_library

                  1 Reply Last reply Reply Quote 1
                  • S
                    scotth @WrCombs
                    last edited by

                    @WrCombs said in WTF is a Managed Firewall?:

                    @scottalanmiller said in WTF is a Managed Firewall?:

                    @WrCombs said in WTF is a Managed Firewall?:

                    title says it all; Aren't all Firewalls Managed???

                    No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                    so we have to hire a company to manage our firewall?

                    No

                    1 Reply Last reply Reply Quote 0
                    • JaredBuschJ
                      JaredBusch
                      last edited by

                      https://www.pcisecuritystandards.org/pci_security/glossary#F

                      245f8812-21e9-4ae7-858a-d671e4f2e213-image.png

                      https://www.pcisecuritystandards.org/pci_security/glossary#M

                      9a88d1a8-4ce4-4497-a10e-9515be32b051-image.png

                      DashrenderD 1 Reply Last reply Reply Quote 0
                      • S
                        scotth
                        last edited by

                        Earlier, he mentioned that his company's payment processor was pushing this on them.

                        WrCombsW scottalanmillerS 2 Replies Last reply Reply Quote 0
                        • WrCombsW
                          WrCombs @scotth
                          last edited by

                          @scotth said in WTF is a Managed Firewall?:

                          Earlier, he mentioned that his company's payment processor was pushing this on them.

                          Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.

                          scottalanmillerS 1 Reply Last reply Reply Quote 0
                          • DashrenderD
                            Dashrender @WrCombs
                            last edited by

                            @WrCombs said in WTF is a Managed Firewall?:

                            @scottalanmiller said in WTF is a Managed Firewall?:

                            @WrCombs said in WTF is a Managed Firewall?:

                            title says it all; Aren't all Firewalls Managed???

                            No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                            so we have to hire a company to manage our firewall?

                            No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.

                            scottalanmillerS 1 Reply Last reply Reply Quote 0
                            • scottalanmillerS
                              scottalanmiller @WrCombs
                              last edited by

                              @WrCombs said in WTF is a Managed Firewall?:

                              @scottalanmiller said in WTF is a Managed Firewall?:

                              @WrCombs said in WTF is a Managed Firewall?:

                              title says it all; Aren't all Firewalls Managed???

                              No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                              so we have to hire a company to manage our firewall?

                              Managed Firewall = A firewall with a managed service.

                              You don't need it, but if you want to call it that, then yes.

                              It's like having a "hosted server" and asking "what's a hosted server", and the answer is "a server someone hosts for you." Does that mean that you need one? No, you can just use a server normally.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmillerS
                                scottalanmiller @scotth
                                last edited by

                                @scotth said in WTF is a Managed Firewall?:

                                Earlier, he mentioned that his company's payment processor was pushing this on them.

                                Then yes, this implies that the payment process doesn't consider any of their customers to be capable to manage a firewall. Says something about what the payment processor thinks of itself, but they probably know best.

                                1 Reply Last reply Reply Quote 0
                                • DashrenderD
                                  Dashrender @JaredBusch
                                  last edited by

                                  @JaredBusch said in WTF is a Managed Firewall?:

                                  https://www.pcisecuritystandards.org/pci_security/glossary#F

                                  245f8812-21e9-4ae7-858a-d671e4f2e213-image.png

                                  https://www.pcisecuritystandards.org/pci_security/glossary#M

                                  9a88d1a8-4ce4-4497-a10e-9515be32b051-image.png

                                  this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.

                                  Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...

                                  JaredBuschJ WrCombsW 2 Replies Last reply Reply Quote 1
                                  • JaredBuschJ
                                    JaredBusch @Dashrender
                                    last edited by

                                    @Dashrender said in WTF is a Managed Firewall?:

                                    @JaredBusch said in WTF is a Managed Firewall?:

                                    https://www.pcisecuritystandards.org/pci_security/glossary#F

                                    245f8812-21e9-4ae7-858a-d671e4f2e213-image.png

                                    https://www.pcisecuritystandards.org/pci_security/glossary#M

                                    9a88d1a8-4ce4-4497-a10e-9515be32b051-image.png

                                    this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.

                                    Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...

                                    That is a glossary. not the specifications.

                                    1 Reply Last reply Reply Quote 0
                                    • scottalanmillerS
                                      scottalanmiller @WrCombs
                                      last edited by

                                      @WrCombs said in WTF is a Managed Firewall?:

                                      @scotth said in WTF is a Managed Firewall?:

                                      Earlier, he mentioned that his company's payment processor was pushing this on them.

                                      Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.

                                      Yes you can, someone is just full of shit trying to sell you something.

                                      As always... do as you are told, but recognize when someone is full of crap and making up am implausible lie. Don't repeat obvious lies as if they were true, but accept that your business is run by idiots who don't know what is plausible, what is true, etc.

                                      So YOUR business must now believe this, so let it go. They've decided to say anything to justify doing what they want. It's that simple. It's not your place at work to disagree. But outside of work, don't act like this as any foundation in reality. It's purely made up.

                                      DashrenderD 1 Reply Last reply Reply Quote 1
                                      • scottalanmillerS
                                        scottalanmiller @Dashrender
                                        last edited by

                                        @Dashrender said in WTF is a Managed Firewall?:

                                        @WrCombs said in WTF is a Managed Firewall?:

                                        @scottalanmiller said in WTF is a Managed Firewall?:

                                        @WrCombs said in WTF is a Managed Firewall?:

                                        title says it all; Aren't all Firewalls Managed???

                                        No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.

                                        so we have to hire a company to manage our firewall?

                                        No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.

                                        The problem here is that it's not a technical term, it's a marketing term. One used almost exclusively by ISPs. So you can't manage it yourself and claim to be doing this, that doesn't fit any standard use of the term.

                                        1 Reply Last reply Reply Quote 0
                                        • WrCombsW
                                          WrCombs @Dashrender
                                          last edited by

                                          @Dashrender said in WTF is a Managed Firewall?:

                                          @JaredBusch said in WTF is a Managed Firewall?:

                                          https://www.pcisecuritystandards.org/pci_security/glossary#F

                                          245f8812-21e9-4ae7-858a-d671e4f2e213-image.png

                                          https://www.pcisecuritystandards.org/pci_security/glossary#M

                                          9a88d1a8-4ce4-4497-a10e-9515be32b051-image.png

                                          this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.

                                          Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...

                                          I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.

                                          But Thanks @JaredBusch for posting it.

                                          JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                                          • S
                                            scotth
                                            last edited by

                                            It's a pure money grab. You have to buy this from us or we'll shut you off, because gubament

                                            1 Reply Last reply Reply Quote 0
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 2 / 4
                                            • First post
                                              Last post