[Mikrotik] PCI and Security Compliance Regulations

Rick Smith onyx3821 at gmail.com
Tue Jan 22 18:38:38 CST 2013


I'm faced with this as well.  how hard would it REALLY be to force a
login and then an enable type uplog.

On Jan 22, 2013, at 7:35 PM, "Kriss (Nebonet.com)" <seccour at nebonet.com> wrote:

> This topic doesn't seam to come up at all. I started out in the ISP biz and moved over to Information security for a company who was small enough that tik's still seamed to fit the bill.
>
> However we are starting to get hit with PCI-DSS evaluations, Risk Assessments and Gap Analysis with an array of requirements -- most which I have been able to meet easily except one : Security authentication on the router. Almost every third part wants to see me doing it the 'cisco' way with primary remote logins being strictly unprivileged and forcing elevation to a privileged user after connection. IE - enable.
>
> Now I can emulate this functionality by allowing only a stripped down user remote access and setting up a loopback bridge interface with no ports, setting an ip address to that bridge and ssh'ing into itself from there as the allowed ip address for the administrative full access user being the router itself.
>
> Which in of itself isn't too terrible other than i prefer to work with firewall rules using winbox. Anyone else had experience with this and other PCI-DSS compliance rules and getting the tik to be compliant ?
>
> - Kriss
>
>
> _______________________________________________
> Mikrotik mailing list
> Mikrotik at mail.butchevans.com
> http://mail.butchevans.com/mailman/listinfo/mikrotik
>
> Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS


More information about the Mikrotik mailing list