I was following Rick's recent post about penetration testing with some interest. I'm looking at complying with ANZ e-gate for e-commerce transactions. ANZ has this declaration form for internet sites that you have to sign. One of the tick boxes says "Do you operate a firewall that is regularly updated?"

I have an iptables firewall which basically blocks all ip6 and all ip4 except for a couple of ports I expose to the internet. I don't see why I need to update it "regularly".

Do people use any additional application-level filtering on top of iptables packet filtering for ssh or http (aside from any security configurations that these services already provide)? (The services I'm exposing through iptables are ssh and http.)

If not, how do you deal with a compliance item that makes dubious sense and, if you answered it honestly, makes you look bad when you're not?

The other thought I had was that it could be they are conflating my understanding of what a "firewall" is with antivirus software. If people (staff even) are uploading stuff via http then maybe I need to scan such content to prevent my system acting as an agent for spreading viral content. But that's heading out of firewall territory.

Regards,
--
Daniel Bush