We're in the process of achieving PCI-DSS compliance. I was wondering how we can go about impleneting, testing and prosivng that we comply with sectionsd 1.3.4, and
1.3.4 Implement anti-spoofing measures to detect and block forged source IP addresses from entering the network. (For example, block traffic originating from the Internet with an internal source address.)
1.3.6 Implement stateful inspection, also known as dynamic packet filtering. (That is, only “established” connections are allowed into the network.)
So, my questions:
1. Regarding 1.3.4 - Just to confirm - does the spoof protection (Firewall --> Advanced) cover this ?
2. As for 1.3.6 - does the UTM cover this? I could not find a definite answer in the documentation whether this is handled by the firewall. I'm assuming it does, but would appreciate some confirmation.
Thanks,
Ofer
This thread was automatically locked due to age.
