Friday, November 27, 2009

firewall-wizards Digest, Vol 43, Issue 8

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Using linux firewalls for PCI compliant infrastructure
(Kurt Buff)
2. Re: Message Labs (A)
3. Re: Using linux firewalls for PCI compliant infrastructure
(Anton Chuvakin)


----------------------------------------------------------------------

Message: 1
Date: Thu, 26 Nov 2009 11:22:24 -0800
From: Kurt Buff <kurt.buff@gmail.com>
Subject: Re: [fw-wiz] Using linux firewalls for PCI compliant
infrastructure
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<a9f4a3860911261122k6e5bf0a9l6985441c2387fb19@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8

On Tue, Nov 24, 2009 at 14:37, Siim Põder <siim@p6drad-teel.net> wrote:
> Hi
>
> We are using linux-based servers as firewalls for PCI compliant
> infrastructure. During audits it has been OK so far but security
> people internally have suggested that maybe a commercial product would
> be better suited for PCI infrastructure (as it is pretty critical).
>
> I'm personally very happy with the iptables firewalls - we can use all
> the standard components for firewalls that we use for everything else
> (including standard administration methods, patching and so forth).
>
> What do you think, would a commercial firewall provide a tangible
> improvement in security?
> Is anyone else using linux-based firewalls for PCI (or otherwise
> sensitive) infrastructure?
>
> Thanks,
> Siim

Following on from a couple of other posts, you could potentially use
fwbuilder (http://www.fwbuilder.org/) as a front end, and argue that
the results are equivalent to some number of commercial offerings, for
which fwbuilder makes equivalent configurations.

Kurt


------------------------------

Message: 2
Date: Fri, 27 Nov 2009 11:01:43 +1100
From: A <clonemeagain@gmail.com>
Subject: Re: [fw-wiz] Message Labs
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<306c20fc0911261601h3575a643y36865dbecf2f5616@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Then you have probably correctly set it up, or, you have just allowed all
SMTP traffic at your gateway.

Found the pdf from MessageLabs:

http://images.messagelabs.com/EmailResources/ImplementationGuides/Subnet_IP.pdf

Think about it: in order to filter your email, you must change your MX
records to direct inbound mail to MessageLabs; they in turn forward it
(after processing/filtering/recording/archiving... whatever else you pay them
to do) to you. In order to maximise the functionality, and get the most for
your dollar, it is a good idea to stop anyone else from being able to bypass
this process by allowing them to send mail directly to your server.

The guide lists the IP ranges that you should accept email from, and, in
your email from MessageLabs, you would have received an IP or domain address
to forward outbound mail to. This should also be locked down at your gateway
so your users (should they become infected or malicious) can't spam others,
abusing your good online name.

A

\ /
Putting the F in BOFH!


2009/11/16 shane brennan <wiserwaylander@gmail.com>

> Hi
>
> We use it in work. Haven't received any notification like that.
>
> Shane
>
>
> On Tue, Nov 10, 2009 at 9:06 PM, Brian Loe <knobdy@gmail.com> wrote:
> > Anyone here using message labs? Have you received notice that you MUST
> > open up your firewall for 8 or so networks?
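The gateway lockdown described in the message above, sketched as an added example that is not part of the original thread: a shell function that prints an iptables-restore fragment allowing SMTP only between the mail server and the filtering provider. The address ranges, mail server IP, relay IP and the chain name SMTP_FILTER are placeholders assumed for illustration; the real ranges come from the provider's guide.

```shell
#!/bin/sh
# Constructed placeholder values (RFC 5737 documentation ranges), not the
# provider's real addresses: take those from the provider's guide.
PROVIDER_RANGES="192.0.2.0/24 198.51.100.0/24"
MAIL_SERVER="10.0.0.25"     # assumed internal mail server
SMARTHOST="203.0.113.10"    # assumed outbound relay named by the provider

# Print an iptables-restore fragment for the gateway's FORWARD chain.
# Returns 1 without printing any rule if an address is malformed.
gen_smtp_rules() {
    ranges=$1; server=$2; relay=$3
    # Validate first so a typo never yields a half-written rule set.
    for addr in $ranges $server $relay; do
        case $addr in
            *[!0-9./]*|'') echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    echo "*filter"
    echo ":SMTP_FILTER - [0:0]"
    # Only new SMTP connections are judged here; replies ride on the
    # firewall's existing ESTABLISHED,RELATED rule.
    echo "-A FORWARD -p tcp --dport 25 -m conntrack --ctstate NEW -j SMTP_FILTER"
    # Inbound: only the filtering provider may reach the mail server.
    for cidr in $ranges; do
        echo "-A SMTP_FILTER -s $cidr -d $server -j ACCEPT"
    done
    # Outbound: only the mail server may speak SMTP, and only to the relay.
    echo "-A SMTP_FILTER -s $server -d $relay -j ACCEPT"
    # Anything else on port 25 is a bypass attempt or an infected client:
    # log it so it can be investigated, then drop it.
    echo "-A SMTP_FILTER -j LOG --log-prefix \"smtp-bypass: \""
    echo "-A SMTP_FILTER -j DROP"
    echo "COMMIT"
}

# Print the fragment for review before it goes anywhere near a firewall.
gen_smtp_rules "$PROVIDER_RANGES" "$MAIL_SERVER" "$SMARTHOST"
```

The logged "smtp-bypass: " entries double as a detection signal: an internal host that shows up there repeatedly is trying to send mail around the relay.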

------------------------------

Message: 3
Date: Thu, 26 Nov 2009 18:08:21 -0800
From: Anton Chuvakin <anton@chuvakin.org>
Subject: Re: [fw-wiz] Using linux firewalls for PCI compliant
infrastructure
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<b2591e2e0911261808r517e7abbi68f82a1922ce27f7@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1

> We are using linux-based servers as firewalls for PCI compliant
> infrastructure. During audits it has been OK so far but security
> people internally have suggested that maybe a commercial product would
> be better suited for PCI infrastructure (as it is pretty critical).

First things first: in PCI DSS, a firewall is a firewall is a
firewall. There is no preference to free or commercial ones. The only
criterion is "stateful" (somewhere in 1.1, if I recall correctly).

> What do you think, would a commercial firewall provide a tangible
> improvement in security?

Too close to being a religious debate.

> Is anyone else using linux-based firewalls for PCI (or otherwise
> sensitive) infrastructure?

Yes, I've seen people use iptables in 1.1 and in 1.4 (as personal firewall).

--
Dr. Anton Chuvakin
Site: http://www.chuvakin.org
Blog: http://www.securitywarrior.org
LinkedIn: http://www.linkedin.com/in/chuvakin
Twitter: @anton_chuvakin
Google Voice: 510-771-7106


------------------------------



End of firewall-wizards Digest, Vol 43, Issue 8
***********************************************