I don't think there is any restriction on using virtual firewalls as long as
it is deployed in the network to protect card holder servers. PCIDSS does
not exactly define actual requirements of security devices. Based on my
interpretation of standards and typical industrial best practices, I have
put some text here at:
http://netsecinfo.blogspot.com/2008/03/pci-dss-utm-technology-requirements.html
I hope it helps.
Thanks
Srini
-----Original Message-----
From:
listbounce@... [mailto:
listbounce@...] On
Behalf Of Terry
Sent: Thursday, May 08, 2008 12:37 PM
To:
firewalls@...
Subject: virtual firewalls -- compliance
Hello all,
I am throwing around the idea of using linux firewalls in vmware for
customer environments. The customers may or may not have
HIPAA/PCI/sOX/etc requirements. This is in the planning stages. Any
of you have experience heading down this route? PCIDSS doesn't
explicitly state problems with virtual firewalls, it seems to focus on
the logic of the rules.
Thanks!
********************************************************************************
This email message (including any attachments) is for the sole use of the intended recipient(s)
and may contain confidential, proprietary and privileged information. Any unauthorized review,
use, disclosure or distribution is prohibited. If you are not the intended recipient,
please immediately notify the sender by reply email and destroy all copies of the original message.
Thank you.
Intoto Inc.
