I'm trying to figure out how to make my ftp service pass the PCI
security compliance (we take credit cards, so need the compliance). I
have pfSense 1.2.2 running the ftp proxy to my internal box, which is
a FreeBSD 7.2 server running the stock ftpd.
A probe from the outside looks like this:
On Thu, Oct 1, 2009 at 10:41 AM, Vick Khera vi...@khera.org wrote:
I'm trying to figure out how to make my ftp service pass the PCI
security compliance (we take credit cards, so need the compliance). I
have pfSense 1.2.2 running the ftp proxy to my internal box, which is
a FreeBSD 7.2 server
Vick Khera wrote:
I'm trying to figure out how to make my ftp service pass the PCI
security compliance (we take credit cards, so need the compliance). I
have pfSense 1.2.2 running the ftp proxy to my internal box, which is
a FreeBSD 7.2 server running the stock ftpd.
A probe from the outside
On Thu, Oct 1, 2009 at 1:25 PM, Chris Buechler cbuech...@gmail.com wrote:
There's quite a bit of irony in using FTP yet wanting to be PCI compliant.
I suppose to some extent. However, it is the ideal tool for the job
of collecting large data files from arbitrary customers who do not
have their
On Thu, Oct 1, 2009 at 1:41 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
I do not believe pftpx has setting this. I would disable ftp-helper on WAN
and use NAT port-forwarding top you FreeBSD ftp-server (I use pfSense in
this way).
How portable is this to various ftp clients? I've done
It works fine if you set everything up properly, but since many
clients will use passive mode by default to get through NAT, you will
need to forward a port range for passive mode use and configure your
FTP server to use that port range.
Unfortunately, as far as I know there's no (easy,
Hi
I personally think that FTP could never pass the pci criteria as the
transmission has no encryption and the anonymous does not comply
anyway. (you always need that user authentication so as to log who
tried/ succeeded etc)
So sftp is perhaps your best alternative . Maybe you play with
Vick Khera wrote:
On Thu, Oct 1, 2009 at 1:41 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
I do not believe pftpx has setting this. I would disable ftp-helper on WAN
and use NAT port-forwarding top you FreeBSD ftp-server (I use pfSense in
this way).
How portable is this to various