[171182] in North American Network Operators' Group
Re: Requirements for IPv6 Firewalls
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Mon Apr 21 13:22:27 2014
To: Lee Howard <Lee@asgard.org>
In-Reply-To: Your message of "Mon, 21 Apr 2014 12:10:31 -0400."
<CF7AB98C.51178%Lee@asgard.org>
From: Valdis.Kletnieks@vt.edu
Date: Mon, 21 Apr 2014 13:20:40 -0400
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
--==_Exmh_1398100839_2059P
Content-Type: text/plain; charset=us-ascii
On Mon, 21 Apr 2014 12:10:31 -0400, Lee Howard said:
> "Methods used to meet the intent of this
> requirement may vary depending on the specific
> networking technology being used. For example,
> the controls used to meet this requirement may be
> different for IPv4 networks than for IPv6 networks."
> https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
>
> Based on my experience with compliance auditors, they won't understand
> many of the words in this sentence, and will assume NAT and RFC1918.
So there's the *real* problem in a nutshell. People think we're supposed to
hobble our networks with crap design just because the auditors can't get their
industry's shit together.
--==_Exmh_1398100839_2059P
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Exmh version 2.5 07/13/2001
iQIVAwUBU1VTZwdmEQWDXROgAQLYww//d2pz+9ywDHtxvAhJMv35+TYtUW6Za7hq
H56uCCC9b78e3XMvD401Iw02xaHOqL+7z+J1vaTb+Rom0gHVdlI7Opc11XHzqos8
ebbG4xO5+5/RPS9MkjVpljKU4zwEc/3aV+Rgd91QxfZwA19HI6vwm0LgLByjMVbA
RKT341Jt7FObGJ6lQTRRxVVCYT4z27x4XiTY8jtjJq+Fc48L8KpW2MkTboJW4W35
2LUiR+Mchv7uHDmoex4cyuEVNB66E5o8An6JXZC9fx2zN5Ev2MA23jwr10G2zPO4
ZW3fQYEyrCMI2dLW2k3PHd8zhUhdJp1u8wKdZ42XRPzdzYkkKMBWXtEmn1URJjNM
fm485+2PR7YpVqv8sraYPOVlHhWy50rDzWhsStsOfW4T4/Deu2oHZq3+4KtNDb8R
IzM7QKf+SiU5FG2rkAbRhMasbcDILlES7ojPfN/R7Wy/k+IjVsehxp4z4coCBW4g
su7DHqNznFlvpobY7VprJxxl9b4jjFgUJY+Rh/9SBeEf0kKOaGl9KS/nFlrd1Chn
CYBLmzpaLWJJ6Pg6SLDzkoF7uL36DW27wcSY2M0Uw3ZzwKtZ/l8nD8CHd76w0jrV
7xSFcB9SRQ29H+fRtuH0IZR51MzbwrvfbEXiN0fXnRS4o7Gimao1U8Sao1n3+gYp
wKdHgg7wv6s=
=srAT
-----END PGP SIGNATURE-----
--==_Exmh_1398100839_2059P--
