Rick (and others wanting to be PCI compliant) Ping me off list about this. It's a somewhat complex subject and varies quite a bit. I've done a fair amount of PCI related work and would be happy to provide some guidance. While you all know I'm generally very keen to post to the list and help out, when it comes to security/PCI I'm extremely touchy, serious and specific.
What I can say on list (in a generic sense that applies to all) is that 1) PCI is very prescriptive. That is it's greatest strength. It's also a pain when the auditor doesn't understand that you can use 128 or greater encryption, so using 256 bit is considered uncompliant (is that a word?) 2) Everything in it is good base line security. Most folks that post to the list seem to have a good handle on mature operational procedures. If you have Linux or Windows savyness and have followed the vendor security guidelines (IDS/IPS/AV/change default passwords/patch on a regular basis) you are a long way towards being PCI compliant. On 04/01/2010 11:21 PM, RickG wrote: > Email from my brother: > > Just got a letter from our credit card processor and we need to become > pci compliant. I noticed these routers I'm using from Qwest dont have > a firewall. Do I go software,hardware or both? Here is the link for > our routers. > http://www.qwest.com/internethelp/modems/motorola-3347/modemDetail_3347installation.html > > He handles IT for 27 BK's in Denver. Thoughts? > > > -------------------------------------------------------------------------------- > WISPA Wants You! Join today! > http://signup.wispa.org/ > -------------------------------------------------------------------------------- > > WISPA Wireless List: wireless@wispa.org > > Subscribe/Unsubscribe: > http://lists.wispa.org/mailman/listinfo/wireless > > Archives: http://lists.wispa.org/pipermail/wireless/ > -------------------------------------------------------------------------------- WISPA Wants You! Join today! http://signup.wispa.org/ -------------------------------------------------------------------------------- WISPA Wireless List: wireless@wispa.org Subscribe/Unsubscribe: http://lists.wispa.org/mailman/listinfo/wireless Archives: http://lists.wispa.org/pipermail/wireless/
