[Freeswitch-users] FreeSWITCH version 1.4.x end of life - recommendation please

Richard Brady rnbrady at gmail.com
Thu Nov 19 20:57:26 MSK 2015


> You can pass PCI-DSS with proper firewall rules.

Not true. There is a lot more to PCI-DSS than passing automated pen-tests.
There are 12 controls that touch all areas and are pretty tough to maintain.

And if you use FS to take CC details via DTMF then it's very much in scope
for those controls. One example is you have to run it on a hardened OS (see
PCI DSS v3 requirement 2.2.a).

And once you've got your OS hardened you become a bit reluctant to upgrade,
because it costs time and money.

That is definitely not the FS community's problem, but it is a valid
concern of the OP.

On 19 November 2015 at 10:29, Andrew Cassidy <
andrew at cassidywebservices.co.uk> wrote:

> You can pass PCI-DSS with proper firewall rules. For example, if your FS
> server only needs to accept calls from certain IP addresses, firewalling it
> out will pass the automated tests easily.
>
> I know it's not ideal, but I've managed to make unpatched Windows 2003
> servers pass the automated tests just by hiding them behind a proxy.
>
> I'm not condoning this practice, just timelines on that particular project
> required that they pass until we could upgrade them to Windows 2012. It
> bought us the time we needed.