PCI-1.3.4:: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
<blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | <blockquote style="background: #C8CDC7; padding: 1em; margin-left: 0.5em;"> | ||
<br> | <br> | ||
:'''Build a firewall configuration that restricts connections between publicly accessible servers and any system component storing cardholder data, including any connections from wireless networks. This firewall configuration should include:'''<br> | |||
<br> | <br> | ||
:::'''PCI-1.3.4:''' Determine that the firewall performs stateful inspection. Only established connections should be allowed in, and only if they are associated with a previously established session. | :* Examine firewall/router configurations to verify that connections are restricted between publicly accessible servers and components storing cardholder data, as follows: | ||
<br> | |||
::'''PCI-1.3.4:''' Determine that the firewall performs stateful inspection (dynamic packet filtering). (Only established connections should be allowed in, and only if they are associated with a previously established session. | |||
<br> | <br> | ||
</blockquote> | </blockquote> | ||
Revision as of 21:34, 2 March 2007
- Build a firewall configuration that restricts connections between publicly accessible servers and any system component storing cardholder data, including any connections from wireless networks. This firewall configuration should include:
- Examine firewall/router configurations to verify that connections are restricted between publicly accessible servers and components storing cardholder data, as follows:
- PCI-1.3.4: Determine that the firewall performs stateful inspection (dynamic packet filtering). (Only established connections should be allowed in, and only if they are associated with a previously established session.
Testing Procedures
Engage a port scanner such as [NMAP] on all TCP and UDP ports with “syn reset” or ”syn ack” bits set.
- A response means packets are allowed through even if they are not part of a previously established session.
Testing Frequency
Quarterly scans for all production systems currently in use or new systems prior to production deployment.
Evidence Archive Location
Insert hyperlink or location of evidence archive.
Control Stewards Process Narrative
Provide control steward commentary indicating the formal methodology in place.
Control Steward – Jane Manager
Process Illustration
Replace this test by inserting a process diagram, flowchart or other visual representation to illustrate the process narrative as necessary. Include a brief description of the process illustration.
Control Status and Auditors Commentary
The control is effective.
File:Greenlock.jpg
Status is acceptable.
Control Exception Commentary
Status is acceptable.
Remediation Plan
Remediation is not required at this time.
--Mdpeters 08:59, 27 February 2007 (EST)