[squid-users] PCI Certification compliance lists
ngtech1ltd at gmail.com
ngtech1ltd at gmail.com
Mon Jan 4 09:27:51 UTC 2021
Hey David.
Indeed it should be done with the local websites however, These sites are pretty static.
Would it be OK to publish theses lists online as a file/files?
The main issue is that ssl-bump requires couple “fast” acls.
I believe it should be a “fast” acl but we also need the option to use an external helper like for many other function.
If I can choose between “fast” as default and the ability to run a “slow” external acl helper I can
choose what is right for/in my environment.
Currently I cannot program a helper that will decide if a CONNECT connection should be spliced or bumped programmatically.
It forces me to reload this list manually which might take couple seconds.
Thanks,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
Zoom: Coming soon
From: squid-users <squid-users-bounces at lists.squid-cache.org> On Behalf Of David Touzeau
Sent: Monday, January 4, 2021 10:23 AM
To: squid-users at lists.squid-cache.org
Subject: Re: [squid-users] PCI Certification compliance lists
Hi Eiezer,
I can help you by giving a list but
Just by using "main domains":
* Banking/transcations : 27 646 websites.
* AV sofwtare and updates sites (fw, routers...) : 133 295 websites
I can give it to you the lists , they are incomplete and it should decrease squid performance by loading huge databases.
Perhaps it is better for the Squid administrator to fill it's own list according it's country or company activity.
Le 03/01/2021 à 15:12, ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com> a écrit :
I am looking for domains lists that can be used for squid to be PCI
Certified.
I have read this article:
https://www.imperva.com/learn/data-security/pci-dss-certification/
And couple others to try and understand what might a Squid proxy ssl-bump
exception rules should contain.
So technically we need:
- Banks
- Health care
- Credit Cards(Visa, Mastercard, others)
- Payments sites
- Antivirus(updates and portals)
- OS and software Updates signatures(ASC, MD5, SHAx etc..)
* https://support.kaspersky.com/common/start/6105
*
https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e
set-product-with-a-third-party-firewall
*
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s
55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fc
p&articleId=TS100291&_afrLoop=641093247174514&leftWidth=0%25&showFooter=fals
e&showHeader=false&rightWidth=0%25¢erWidth=100%25#!%40%40%3FshowFooter%3
Dfalse%26_afrLoop%3D641093247174514%26articleId%3DTS100291%26leftWidth%3D0%2
525%26showHeader%3Dfalse%26wc.contextURL%3D%252Fspaces%252Fcp%26rightWidth%3
D0%2525%26centerWidth%3D100%2525%26_adf.ctrl-state%3D3wmxkd4vc_9
If someone has the documents which instructs what domains to not inspect it
would also help a lot.
Thanks,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
Zoom: Coming soon
_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org <mailto:squid-users at lists.squid-cache.org>
http://lists.squid-cache.org/listinfo/squid-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210104/633e3ddd/attachment.htm>
More information about the squid-users
mailing list