Requirements for IPv6 Firewalls

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/18/14, 7:04 PM, Jeff Kell wrote:
> PCI requirement 1.3.8 pretty  much requires RFC1918
> addressing of the computers in scope...

It does not

1.3.8
 Do not disclose private IP addresses and routing
information to unauthorized parties.
Note
: Methods to obscure IP addressing may include, but are
not limited to:

 Network Address Translation (NAT)

 Placing servers containing cardholder data behind proxy
servers/firewalls or content caches,

 Removal or filtering of route advertisements for private
networks that employ registered addressing,

 Internal use of RFC1918 address space instead of
registered addresses.

from version two with further explication

https://www.pcisecuritystandards.org/documents/navigating_dss_v20.pdf

version 3

https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf

>  has anyone hinted at PCI for IPv6?

If by hinted at you mean deployed in pci compliant environments then yes.

> Jeff
> 
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 308 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20140419/d17bba2b/attachment.sig>

• Previous message (by thread): Requirements for IPv6 Firewalls
• Next message (by thread): Requirements for IPv6 Firewalls
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]