Search squid archive

Re: PCI Certification compliance lists

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Hi Eliezer:

http://articatech.net/tmpf/categories/banking.gz
http://articatech.net/tmpf/categories/cleaning.gz



Le 04/01/2021 à 10:27, ngtech1ltd@xxxxxxxxx a écrit :

Hey David.

 

Indeed it should be done with the local websites however, These sites are pretty static.

Would it be OK to publish theses lists online as a file/files?

 

The main issue is that ssl-bump requires couple “fast” acls.

I believe it should be a “fast” acl but we also need the option to use an external helper like for many other function.

If I can choose between “fast” as default and the ability to run a “slow” external acl helper I can
choose what is right for/in my environment.

 

Currently I cannot program a helper that will decide if a CONNECT connection should be spliced or bumped programmatically.

It forces me to reload this list manually which might take couple seconds.

 

Thanks,

Eliezer

 

----

Eliezer Croitoru

Tech Support

Mobile: +972-5-28704261

Email: ngtech1ltd@xxxxxxxxx

Zoom: Coming soon

 

 

From: squid-users <squid-users-bounces@xxxxxxxxxxxxxxxxxxxxx> On Behalf Of David Touzeau
Sent: Monday, January 4, 2021 10:23 AM
To: squid-users@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: PCI Certification compliance lists

 

Hi Eiezer,

I can help you by giving a list but

Just by using "main domains":

  • Banking/transcations : 27 646 websites.
  • AV sofwtare and updates sites (fw, routers...) :  133 295 websites


I can give it to you the lists , they are incomplete and it should decrease squid performance by loading huge databases.
Perhaps it is better for the Squid administrator to fill it's own list according it's country or company activity.



Le 03/01/2021 à 15:12, ngtech1ltd@xxxxxxxxx a écrit :

I am looking for domains lists that can be used for squid to be PCI
Certified.
 
I have read this article:
https://www.imperva.com/learn/data-security/pci-dss-certification/
 
And couple others to try and understand what might a Squid proxy ssl-bump
exception rules should contain.
So technically we need:
- Banks
- Health care
- Credit Cards(Visa, Mastercard, others)
- Payments sites
- Antivirus(updates and portals)
- OS and software Updates signatures(ASC, MD5, SHAx etc..)
 
* https://support.kaspersky.com/common/start/6105
*
https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e
set-product-with-a-third-party-firewall
*
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s
55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fc
p&articleId=TS100291&_afrLoop=641093247174514&leftWidth=0%25&showFooter=fals
e&showHeader=false&rightWidth=0%25&centerWidth=100%25#!%40%40%3FshowFooter%3
Dfalse%26_afrLoop%3D641093247174514%26articleId%3DTS100291%26leftWidth%3D0%2
525%26showHeader%3Dfalse%26wc.contextURL%3D%252Fspaces%252Fcp%26rightWidth%3
D0%2525%26centerWidth%3D100%2525%26_adf.ctrl-state%3D3wmxkd4vc_9
 
 
If someone has the documents which instructs what domains to not inspect it
would also help a lot.
 
Thanks,
Eliezer
 
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@xxxxxxxxx
Zoom: Coming soon
 
 
 
_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

 


_______________________________________________
squid-users mailing list
squid-users@xxxxxxxxxxxxxxxxxxxxx
http://lists.squid-cache.org/listinfo/squid-users

[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux