[squid-users] PCI Certification compliance lists

David Touzeau david at articatech.com
Mon Jan 4 13:25:17 UTC 2021 

Hi Eliezer:

http://articatech.net/tmpf/categories/banking.gz
http://articatech.net/tmpf/categories/cleaning.gz



Le 04/01/2021 à 10:27, ngtech1ltd at gmail.com a écrit :
>
> Hey David.
>
> Indeed it should be done with the local websites however, These sites 
> are pretty static.
>
> Would it be OK to publish theses lists online as a file/files?
>
> The main issue is that ssl-bump requires couple “fast” acls.
>
> I believe it should be a “fast” acl but we also need the option to use 
> an external helper like for many other function.
>
> If I can choose between “fast” as default and the ability to run a 
> “slow” external acl helper I can
> choose what is right for/in my environment.
>
> Currently I cannot program a helper that will decide if a CONNECT 
> connection should be spliced or bumped programmatically.
>
> It forces me to reload this list manually which might take couple seconds.
>
> Thanks,
>
> Eliezer
>
> ----
>
> Eliezer Croitoru
>
> Tech Support
>
> Mobile: +972-5-28704261
>
> Email: ngtech1ltd at gmail.com <mailto:ngtech1ltd at gmail.com>
>
> Zoom: Coming soon
>
> *From:*squid-users <squid-users-bounces at lists.squid-cache.org> *On 
> Behalf Of *David Touzeau
> *Sent:* Monday, January 4, 2021 10:23 AM
> *To:* squid-users at lists.squid-cache.org
> *Subject:* Re: [squid-users] PCI Certification compliance lists
>
> Hi Eiezer,
>
> I can help you by giving a list but
>
> Just by using "main domains":
>
>   * Banking/transcations : 27 646 websites.
>   * AV sofwtare and updates sites (fw, routers...) :  133 295 websites
>
>
> I can give it to you the lists , they are incomplete and it should 
> decrease squid performance by loading huge databases.
> Perhaps it is better for the Squid administrator to fill it's own list 
> according it's country or company activity.
>
>
>
> Le 03/01/2021 à 15:12, ngtech1ltd at gmail.com 
> <mailto:ngtech1ltd at gmail.com> a écrit :
>
>     I am looking for domains lists that can be used for squid to be PCI
>
>     Certified.
>
>     I have read this article:
>
>     https://www.imperva.com/learn/data-security/pci-dss-certification/  <https://www.imperva.com/learn/data-security/pci-dss-certification/>
>
>     And couple others to try and understand what might a Squid proxy ssl-bump
>
>     exception rules should contain.
>
>     So technically we need:
>
>     - Banks
>
>     - Health care
>
>     - Credit Cards(Visa, Mastercard, others)
>
>     - Payments sites
>
>     - Antivirus(updates and portals)
>
>     - OS and software Updates signatures(ASC, MD5, SHAx etc..)
>
>     *https://support.kaspersky.com/common/start/6105  <https://support.kaspersky.com/common/start/6105>
>
>     *
>
>     https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e  <https://support.eset.com/en/kb332-ports-and-addresses-required-to-use-your-e>
>
>     set-product-with-a-third-party-firewall
>
>     *
>
>     https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s  <https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s>
>
>     55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx?wc.contextURL=%2Fspaces%2Fc
>
>     p&articleId=TS100291&_afrLoop=641093247174514&leftWidth=0%25&showFooter=fals
>
>     e&showHeader=false&rightWidth=0%25&centerWidth=100%25#!%40%40%3FshowFooter%3
>
>     Dfalse%26_afrLoop%3D641093247174514%26articleId%3DTS100291%26leftWidth%3D0%2
>
>     525%26showHeader%3Dfalse%26wc.contextURL%3D%252Fspaces%252Fcp%26rightWidth%3
>
>     D0%2525%26centerWidth%3D100%2525%26_adf.ctrl-state%3D3wmxkd4vc_9
>
>     If someone has the documents which instructs what domains to not inspect it
>
>     would also help a lot.
>
>     Thanks,
>
>     Eliezer
>
>     ----
>
>     Eliezer Croitoru
>
>     Tech Support
>
>     Mobile: +972-5-28704261
>
>     Email:ngtech1ltd at gmail.com  <mailto:ngtech1ltd at gmail.com>
>
>     Zoom: Coming soon
>
>     _______________________________________________
>
>     squid-users mailing list
>
>     squid-users at lists.squid-cache.org  <mailto:squid-users at lists.squid-cache.org>
>
>     http://lists.squid-cache.org/listinfo/squid-users  <http://lists.squid-cache.org/listinfo/squid-users>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20210104/971fee74/attachment-0001.htm>

More information about the squid-users mailing list