Can pfSense be hardenized to be PCI compliant?
-
@AR-0 pfSense is inaccessible from the internet in its default state... I'm not sure how much more "hardenized" it can get from that point.
-
@rcoleman-netgate Thank you
-
We see quite a few queries from people who are using one of the external PCI testing services and failing because they are testing it wrong. Most of those services specify you must not block the IP range they are testing from using 'active' detection methods. In pfSense that's Snort or Suricata. It does not mean you must open the firewall WAN to their range which would result in an invalid test. Any attacker on the internet would not be passed on the WAN by default!
-
@stephenw10 Thank you for the information
-
@stephenw10 said in Can pfSense be hardenized to be PCI compliant?:
It does not mean you must open the firewall WAN to their range which would result in an invalid test.
QFT... I have seen multiple threads with just that as the problem..
-
-
@rcoleman-netgate haha - yeah I guess it could stand for that as well ;)
quoted for truth
-
-
@rcoleman-netgate said in Can pfSense be hardenized to be PCI compliant?:
TIL
Tech Information Library ;) hehehehe
-
@johnpoz Thanks!