Want more weird? Only TLS/SSL is mentioned in the PCI DSS (albeit in a context applicable only to PAN's, not data in general).
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Scott Sent: Monday, January 04, 2010 3:50 PM To: [email protected] Subject: Re: PCI and Auditors perceptions thereof Packet inspection? Weird. You can, with FTPS, open up the control channel so the Firewall can monitor the control connection (port 21), which lets it dynamically assign ports that the server/client negotiate for the data connection (aka port 20). SFTP (SSH) is entirely encrypted and cannot have its activity monitored. Scott On Mon, Jan 4, 2010 at 1:01 PM, Hal Merritt <[email protected]> wrote: > Trying to do some due diligence in planning some data transfers and getting > really confused. > > Many seem to be saying that all FTP traffic has to be encrypted to meet PCI > standards. And yet I cannot find any such statement in the PCI standards. > But I did find a requirement for firewall packet inspection which, I am > told, is impossible if the traffic is encrypted. Did I read that right? > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
