WTF is a Managed Firewall?
-
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
Managed Firewall = A firewall with a managed service.
You don't need it, but if you want to call it that, then yes.
It's like having a "hosted server" and asking "what's a hosted server", and the answer is "a server someone hosts for you." Does that mean that you need one? No, you can just use a server normally.
-
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Then yes, this implies that the payment process doesn't consider any of their customers to be capable to manage a firewall. Says something about what the payment processor thinks of itself, but they probably know best.
-
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
-
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
That is a glossary. not the specifications.
-
@WrCombs said in WTF is a Managed Firewall?:
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
Yes you can, someone is just full of shit trying to sell you something.
As always... do as you are told, but recognize when someone is full of crap and making up am implausible lie. Don't repeat obvious lies as if they were true, but accept that your business is run by idiots who don't know what is plausible, what is true, etc.
So YOUR business must now believe this, so let it go. They've decided to say anything to justify doing what they want. It's that simple. It's not your place at work to disagree. But outside of work, don't act like this as any foundation in reality. It's purely made up.
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
title says it all; Aren't all Firewalls Managed???
No, the majority are just abandoned. A managed firewall is a service by which a company manages a firewall.
so we have to hire a company to manage our firewall?
No of course not - it means that someone - anyone - has to be responsible for it - and that person/team should be updating it regularly.
The problem here is that it's not a technical term, it's a marketing term. One used almost exclusively by ISPs. So you can't manage it yourself and claim to be doing this, that doesn't fit any standard use of the term.
-
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
-
It's a pure money grab. You have to buy this from us or we'll shut you off, because gubament
-
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly. -
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
Nothing you linked was from the official website for the PCI Security Standards Council
-
@WrCombs said in WTF is a Managed Firewall?:
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
They listed a requirement?
-
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@scotth said in WTF is a Managed Firewall?:
Earlier, he mentioned that his company's payment processor was pushing this on them.
Yeah, I dont know what the hell is going on ; just something that was brought up in the office, and we cant be PCI compliant until we have this ; so That's why i was wondering.
Yes you can, someone is just full of shit trying to sell you something.
As always... do as you are told, but recognize when someone is full of crap and making up am implausible lie. Don't repeat obvious lies as if they were true, but accept that your business is run by idiots who don't know what is plausible, what is true, etc.
So YOUR business must now believe this, so let it go. They've decided to say anything to justify doing what they want. It's that simple. It's not your place at work to disagree. But outside of work, don't act like this as any foundation in reality. It's purely made up.
You say this - but did you see where he said that his boss said
Basically just told my boss that I'll handle the "Managed firewall" for the company, but we're doing it my way with the equipment i tell you to buy.
So now the boss is is confused - the boss said need 'managed firewall' which means they have to hire this to someone else to support/manage (according to you) yet, in that same sentence he's told that he will be the one handling it, but using the equipment the boss dictates.
Actually in reading that, I guess there is no contradiction... @WrCombs just gets to bet the point of contact for the company he decides to hire to manage the firewall the boss buys... Ok.. easy. -
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
This proves that the class was not official, or legit. This is something so basic, no instructor could reasonably claim to understand what he was saying and repeat these words. Either the instructor doesn't understand PCI basics, or doesn't know what a managed firewall means in the industry.
No matter what, it indicates that the class was BS.
-
@WrCombs said in WTF is a Managed Firewall?:
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly.Why would they have to pay you differently than they are now? You are already being paid. You're hourly, if you are working on the firewall, you're just getting your normal hourly rate. Just like the rest of us here.
-
@JaredBusch said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@JaredBusch said in WTF is a Managed Firewall?:
https://www.pcisecuritystandards.org/pci_security/glossary#F
https://www.pcisecuritystandards.org/pci_security/glossary#M
this - @WrCombs this is what you take to your boss and say - these are the PCI compliance requirements, the thing you have to follow. Since this says nothing about a managed firewall, then you don't need to worry about 'managed' firewall from a PCI POV... now the processor might have their own additional shit you have to worry about.. but get that crap in writing so you know exactly what they expect from you.... that should have been part of the agreement your company signed when they started using the processor.
Oh - and thank JB for finding that for you - that's what I was edging you to do on your own - helping you learn research - JB's kinda a god at finding documentation...
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
But Thanks @JaredBusch for posting it.
Nothing you linked was from the official website for the PCI Security Standards Council
Because I got busy with calls I didn't have the chance to post it.
-
@scottalanmiller said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
I Literally found 4 documents that said the exact same thing. . . all of which came from the PCI site.
They listed a requirement?
That was in reply to my comment that @WrCombs wasn't posting links to the official PCI documentation, but instead to random blogs around the inter-webs.
-
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
would a managed firewall mean : A firewall that is maintained? such as firmware updates?
if so then any firewall would be a "managed Firewall" ...that's my take on it.
Can you post the specific rule from PCI that this is in regard to?
the rule that I was told during a class::
To be PCI Compliant you have to have a Managed firewall with regular firmware / software updates as often as they come out.
Don't care about what you were 'told.' Go look it up yourself... then you'll know what the actual rule states.
I pulled that from my notes from that class ...
Right. But the majority of teachers and cheap class material is fake. Classes can be good, but be prepared that people who teach that stuff rarely have any idea what they are teaching and no one cares. Your company bought the class and didn't look into the credibility, for example. So why woudl the teacher spend time getting the info right?
The class is likely just a scam money grab, as is most stuff in this space. Be prepared to consider "authoritative sources" and common sense in these matters. PCI doesn't have this requirement, and common sense says it's not reasonable for PCI to have it as it has nothing to do with security.
Learning to recognize teachers, mentors, bosses that don't know the basics is an important part of the job. Remember... the average person in the industry doesn't have the slightest clue, and can't let on to that without risking losing their jobs. Most people only keep their jobs by acting like they know to non-technical managers who never vet them.
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly.Why would they have to pay you differently than they are now? You are already being paid. You're hourly, if you are working on the firewall, you're just getting your normal hourly rate. Just like the rest of us here.
Right, hourly rates mean you never need to ask for money until you are renegotiating your hourly rate.
A managed firewall is like a $10/mo item. It's dirt cheap from a third party.
-
@Dashrender said in WTF is a Managed Firewall?:
@WrCombs said in WTF is a Managed Firewall?:
well now that I know more about it, I can shake my head when they hire a company to manage the firewall..
I spoke up earlier and said I'd do it but they'd have to pay me to do it.. that was shut down quickly.Why would they have to pay you differently than they are now? You are already being paid. You're hourly, if you are working on the firewall, you're just getting your normal hourly rate. Just like the rest of us here.
That's outside of my Job as a Point of Sale tech.
We dont even sell firewalls anymore. -
@WrCombs said in WTF is a Managed Firewall?:
and this one says:
https://www.pcidss.com/listing-category/managed-firewall-services/A managed firewall service provides an outsourced, specialist function that configures and maintains firewalls. This provider ensures correct and secure functionality of firewalls, typically on a 24/7 basis from a PCI DSS compliant Secure Operations Centre (SOC).
That site is full of cookies, but doesnt' ask permissions... and their SSL cert doesn't cover the whole site!
