[squid-users] PCI Certification compliance lists

NgTech LTD ngtech1ltd at gmail.com
Sun Jan 3 15:17:06 UTC 2021 

I'm trying to figure out what can be done with 5.0.4.
I believe there is either a bug or misunderstanding by me what and how
things should be done or configured.

The first thing is to be able to bump all and add exceptions.
The second would be to bump specific sites.
As i noticed in the past it seems that for a good splice and or bump I need
the any-of acl to be used.

Its a bit different then the way squid acls work in general.

Eliezer

On Sun, Jan 3, 2021, 17:06 Amos Jeffries <squid3 at treenet.co.nz> wrote:

> On 4/01/21 3:12 am, ngtech1ltd wrote:
> > I am looking for domains lists that can be used for squid to be PCI
> > Certified.
> >
> > I have read this article:
> > https://www.imperva.com/learn/data-security/pci-dss-certification/
> >
> > And couple others to try and understand what might a Squid proxy ssl-bump
> > exception rules should contain.
> > So technically we need:
> > - Banks
> > - Health care
> > - Credit Cards(Visa, Mastercard, others)
> > - Payments sites
> > - Antivirus(updates and portals)
> > - OS and software Updates signatures(ASC, MD5, SHAx etc..)
> >
> > * https://support.kaspersky.com/common/start/6105
> > *
> >
> https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e
> > set-product-with-a-third-party-firewall
> > *
> >
> https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s
> >
> 55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fc
> >
> p&articleId=TS100291&_afrLoop=641093247174514&leftWidth=0%25&showFooter=fals
> >
> e&showHeader=false&rightWidth=0%25&centerWidth=100%25#!%40%40%3FshowFooter%3
> >
> Dfalse%26_afrLoop%3D641093247174514%26articleId%3DTS100291%26leftWidth%3D0%2
> >
> 525%26showHeader%3Dfalse%26wc.contextURL%3D%252Fspaces%252Fcp%26rightWidth%3
> > D0%2525%26centerWidth%3D100%2525%26_adf.ctrl-state%3D3wmxkd4vc_9
> >
> >
> > If someone has the documents which instructs what domains to not inspect
> it
> > would also help a lot.
>
>
>
> Are you trying to get Squid certified as a PCI WAF agent?
>   or as security infrastructure agent?
>   or as general networking agent?
>
> These roles matter in regards to the PCI requirement to detect malicious
> transactions.
>
>
> Amos
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> http://lists.squid-cache.org/listinfo/squid-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210103/26d3ccdf/attachment.htm>

More information about the squid-users mailing list