[tac_plus] TACACS Solution?

Matt Almgren matta at surveymonkey.com
Fri Jul 24 20:33:39 UTC 2015


Sorry, hit send before it was time.

The PCI 3.0 requirement is :

1.2.2 Secure and synchronize router configuration files.
1.2.2.a Examine router configuration files to verify they are secured from unauthorized access.
1.2.2.b Examine router configurations to verify they are synchronized—for example, the running (or active) configuration matches the start-up configuration (used when machines are booted)

While the running (or active) router configuration files include the current, secure settings, the startup files (which are used when routers are restarted or booted) must be updated with the same secure settings to ensure these settings are applied when the start-up configuration is run. Because they only run occasionally, start-up configuration files are often forgotten and are not updated. When a router re-starts and loads a start-up configuration that has not been updated with the same secure settings as those in the running configuration, it may result in weaker rules that allow malicious individuals into the network.

Unless I’m missing something, that’s all our auditor told us we need to be concerned with.  TAC+ handles all of it nicely.

 — Matt
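One way to run the 1.2.2.b check quoted above, as an added example that is not part of the original thread or of tac_plus. It assumes the text of `show running-config` and `show startup-config` has already been collected from a Cisco IOS-style device; the function names and sample outputs are constructed for illustration.

```python
import difflib
import re

# Lines that differ between the two "show" outputs without any real change.
# Assumption: Cisco IOS-style output; adjust the patterns for other platforms.
VOLATILE = re.compile(
    r"^(Building configuration|Current configuration\s*:"
    r"|Using \d+ out of \d+ bytes|! Last configuration change"
    r"|! NVRAM config last updated|ntp clock-period)"
)

def normalize(config_text):
    """Drop volatile lines, bare '!' separators and blank lines."""
    lines = []
    for raw in config_text.splitlines():
        line = raw.rstrip()  # keep leading indent: it marks sub-mode commands
        if line and line != "!" and not VOLATILE.match(line):
            lines.append(line)
    return lines

def config_drift(running, startup):
    """Unified diff from startup to running; an empty list means in sync."""
    return list(difflib.unified_diff(
        normalize(startup), normalize(running),
        fromfile="startup-config", tofile="running-config", lineterm="", n=1))

# Constructed sample outputs, not taken from a real device.
STARTUP = """Using 412 out of 262144 bytes
! Last configuration change at 09:00:00 UTC Mon Jul 20 2015 by admin
hostname edge-rtr1
aaa new-model
ip access-list extended INBOUND
 permit tcp any host 192.0.2.10 eq 443
end
"""
RUNNING = """Building configuration...

Current configuration : 436 bytes
! Last configuration change at 20:10:01 UTC Fri Jul 24 2015 by admin
hostname edge-rtr1
aaa new-model
ip access-list extended INBOUND
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
end
"""

if __name__ == "__main__":
    for line in config_drift(RUNNING, STARTUP):
        print(line)  # a non-empty diff means the startup config is stale
```

Here the running configuration carries an ACL entry that was never saved, so a reload would bring the router back up without it.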






From: Matt Almgren <matta at surveymonkey.com>
Date: Friday, July 24, 2015 at 1:28 PM
To: "Chase, John" <john.chase at rakuten.com>, "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: Re: [tac_plus] TACACS Solution?

That’s an interesting question.  TAC+ is the medium/method that is used as the medium for the PCI requirement.

PCI states that configurations have to be backed up to a secure location.  There’s no mention of “what” software is used, as long as the above holds true.

1.2.2 Secure and synchronize router configuration files.


From: "Chase, John" <john.chase at rakuten.com>
Date: Friday, July 24, 2015 at 12:48 PM
To: "tac_plus at shrubbery.net" <tac_plus at shrubbery.net>
Subject: [tac_plus] TACACS Solution?

Good day, I am in preparation of replacing our existing Cisco TAC product with something new due to the EOL of Windows 2003. I was wondering if your TAC_Plus solution is PCI compliant?

Thank you

John Chase
Rakuten USA, Americas Development Unit
System Administrator
85 Enterprise | Suite 100
Aliso Viejo, CA 92656
P: 949.448.5461

