
Sheriff CSM™

PCI DSS 3.2 Requirement 1: Install and Maintain a Firewall Configuration to Protect Cardholder Data

Columns: Testing Procedure | How Sheriff CSM Delivers | Sheriff CSM Instructions | Sheriff CSM Documentation*

1.1.1.c
Testing Procedure: Identify a sample of actual changes made to firewall and router configurations, compare them to the change records, and interview responsible personnel to verify that the changes were approved and tested.
How Sheriff CSM Delivers: Sheriff CSM has built-in reports that assist in identifying changes made to router and firewall configurations, for use in validating that changes were approved and tested.
Sheriff CSM Instructions:
  - Enable the plugin for your firewall/router devices, and enable forwarding of syslog events from the firewall/router. (Documentation: Enable Plugins)
  - Run the existing “Firewall Configuration Change” PCI report to show changes made to the firewall. (Documentation: How to Run Reports)
  - Additionally, you can enable instant alerting of suspected device configuration changes by creating a directive that alerts on occurrences of the configuration-change events. (Documentation: Tutorial: Create a New Directive to Detect DoS Attack)

1.1.6.b
Testing Procedure: Identify insecure services, protocols, and ports allowed, and verify that security features are documented for each service.
How Sheriff CSM Delivers: Sheriff CSM provides NetFlow collection, which assists in identifying the insecure services, protocols and ports that are allowed. NIDS in Sheriff CSM reports suspicious or potentially insecure protocols through events. (Documentation: Sheriff NIDS)
Sheriff CSM Instructions: Create a directive that alerts on occurrences of such NIDS events; this can detect possible misconfiguration or traffic that is not authorized. (Documentation: Tutorial: Create a New Directive to Detect DoS Attack)

1.3.2
Testing Procedure: Examine firewall and router configurations to verify that inbound Internet traffic is limited to IP addresses within the DMZ.
How Sheriff CSM Delivers: Sheriff CSM provides NetFlow collection, which assists in identifying traffic sources and destinations, to help ensure that inbound Internet traffic is limited to IP addresses within the DMZ.
Sheriff CSM Instructions: Configure a directive that alerts on any activity from non-authorized networks to the DMZ; this allows immediate alerting of suspicious traffic from any data source. (Documentation: Correlation Directives)
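As an added example (not Sheriff CSM code or its directive syntax), the script below applies the logic of the three procedures above to constructed data: it flags firewall configuration-change syslog events with no approved change ticket (1.1.1.c), and flags inbound flow records that reach non-DMZ hosts, come from non-authorized networks, or use insecure service ports (1.1.6.b, 1.3.2). The DMZ range, authorized source network, insecure-port list, log format and ticket tag are all assumptions for the example.

```python
# Added example, not Sheriff CSM code; all addresses, hostnames, tickets and policy values are constructed.
import ipaddress
import re

DMZ = ipaddress.ip_network("203.0.113.0/24")                     # assumed DMZ range
AUTHORIZED_SOURCES = [ipaddress.ip_network("198.51.100.0/24")]   # assumed partner network
INSECURE_PORTS = {21: "ftp", 23: "telnet", 69: "tftp"}           # assumed insecure services

# Constructed firewall syslog lines; "config:" marks a configuration-change event.
SYSLOG_LINES = [
    "Apr 29 10:01:02 fw01 config: admin1 added rule permit tcp any host 203.0.113.10 eq 443 ticket=CHG-1001",
    "Apr 29 10:05:44 fw01 config: admin2 added rule permit tcp any host 203.0.113.11 eq 23",
]
CHANGE_RECORDS = {"CHG-1001"}  # approved change tickets (constructed)

# Constructed inbound flow records from the Internet-facing interface: (src, dst, dst_port).
FLOWS = [
    ("198.51.100.7", "203.0.113.10", 443),
    ("192.0.2.55", "203.0.113.10", 443),   # source outside the authorized networks
    ("198.51.100.7", "203.0.113.11", 23),  # telnet into a DMZ host
    ("192.0.2.9", "10.0.0.5", 443),        # destination outside the DMZ
]

def unapproved_config_changes(lines, approved):
    """1.1.1.c: config-change events that carry no approved change ticket."""
    hits = []
    for line in lines:
        if " config: " not in line:
            continue
        ticket = re.search(r"ticket=(\S+)", line)
        if ticket is None or ticket.group(1) not in approved:
            hits.append(line)
    return hits

def flow_alerts(flows):
    """1.1.6.b / 1.3.2: inbound flows to non-DMZ hosts, from non-authorized
    sources, or to insecure service ports. Returns (src, dst, port, reason)."""
    alerts = []
    for src, dst, port in flows:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if d not in DMZ:
            alerts.append((src, dst, port, "inbound traffic not limited to DMZ"))
        elif not any(s in net for net in AUTHORIZED_SOURCES):
            alerts.append((src, dst, port, "non-authorized source to DMZ"))
        if port in INSECURE_PORTS:
            alerts.append((src, dst, port, "insecure service " + INSECURE_PORTS[port]))
    return alerts
```

Running `unapproved_config_changes(SYSLOG_LINES, CHANGE_RECORDS)` returns only the ticket-less change, and `flow_alerts(FLOWS)` returns three alerts, one for each policy violation in the sample flows.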
Topic revision: r13 - 29 Apr 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.