[171153] in North American Network Operators' Group

home help back first fref pref prev next nref lref last post

Re: Requirements for IPv6 Firewalls

daemon@ATHENA.MIT.EDU (joel jaeggli)
Sat Apr 19 10:30:22 2014

Date: Sat, 19 Apr 2014 07:29:42 -0700
From: joel jaeggli <joelja@bogus.com>
To: Jeff Kell <jeff-kell@utc.edu>, "Dobbins, Roland" <rdobbins@arbor.net>,
 "nanog@nanog.org" <nanog@nanog.org>
In-Reply-To: <5351D9B3.2030902@utc.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--Saem1JQJdWeXwTkJdUbVEOX9ItWvLNAPq
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 4/18/14, 7:04 PM, Jeff Kell wrote:
> PCI requirement 1.3.8 pretty  much requires RFC1918
> addressing of the computers in scope...

It does not

1.3.8
 Do not disclose private IP addresses and routing
information to unauthorized parties.
Note
: Methods to obscure IP addressing may include, but are
not limited to:
=01 Network Address Translation (NAT)
=01 Placing servers containing cardholder data behind proxy
servers/firewalls or content caches,
=01 Removal or filtering of route advertisements for private
networks that employ registered addressing,
=01 Internal use of RFC1918 address space instead of
registered addresses.

from version two with further explication

https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf

version 3

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

>  has anyone hinted at PCI for IPv6?

If by hinted at you mean deployed in pci compliant environments then yes.=


> Jeff
>=20
>=20



--Saem1JQJdWeXwTkJdUbVEOX9ItWvLNAPq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlNSiFYACgkQ8AA1q7Z/VrJi4ACdEMYyGsBJCnrvzFlrgx7yk3iJ
AHsAnipNIKdYOqU4LNZHFPAwjqIgHbDO
=1+LV
-----END PGP SIGNATURE-----

--Saem1JQJdWeXwTkJdUbVEOX9ItWvLNAPq--
home help back first fref pref prev next nref lref last post