We have a large network and are currently going
through the process of becoming PCI compliant. We use
a leading performance management tool that has
distributed sniffing capabilities. They are about to
deliver to us the capability of globally limiting
captures on specific ports, URLs, or IP addresses for
network segments known to carry credit card data to
everything but the payload itself (even though
encryption is used).
Many of us also love to use Wireshark for
troubleshooting problems. The question was posed if
Wireshark can be limited in similar ways. Of course
all of this is policy driven, as a rogue admin with
access to specific systems would surely be able to
fire up his own unrestricted copy. So assume that this
will be used by network administrators who want to
follow policy and use the approved tools. My thoughts
were implementing something at the pcap level so all
of my favorite tools that use pcap will become
acceptable.
I know this probably seems like a really dumb question
to most and I have thought of many things that would
make this very difficult to implement. Future updates
would become a nightmare (unless the capability was
implemented in the official release). I guess I am
interested to hear if any of you have had to deal with
PCI compliance and if there is a better approach to
this. I don't want to lose my favorite tools (I don't
know that I will at this point but I think there is
great potential for it). Visions of nailing Jello to a
tree keep popping into my mind for some reason.
Thanks for any input on this!
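One way to do the "at the pcap level" idea from the post, as an added example that is not from the original message or from Wireshark/libpcap: a small post-processor that rewrites a pcap so every record keeps only its Ethernet/IPv4/TCP/UDP headers and drops the payload, while orig_len is preserved so Wireshark still reports the true frame size. The sample capture and its placeholder payload are constructed inline for the test; anything the parser does not recognize is treated as payload and cut (fail closed).

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap, microsecond timestamps
ETH_LEN = 14

def header_length(pkt: bytes) -> int:
    """Bytes of pkt that are Ethernet/IPv4/TCP/UDP headers; the rest is payload.
    Unknown ethertypes (e.g. 802.1Q, IPv6) keep the link header only."""
    if len(pkt) < ETH_LEN:
        return len(pkt)
    if struct.unpack_from("!H", pkt, 12)[0] != 0x0800:
        return ETH_LEN
    ihl = (pkt[ETH_LEN] & 0x0F) * 4
    ip_end = ETH_LEN + ihl
    if ihl < 20 or len(pkt) < ip_end:
        return ETH_LEN
    proto = pkt[ETH_LEN + 9]
    if proto == 6 and len(pkt) >= ip_end + 20:     # TCP: honour data offset
        return min(len(pkt), ip_end + (pkt[ip_end + 12] >> 4) * 4)
    if proto == 17:                                 # UDP: fixed 8-byte header
        return min(len(pkt), ip_end + 8)
    return min(len(pkt), ip_end)                    # other: IP header only

def strip_payloads(pcap: bytes) -> bytes:
    """Rewrite each record with caplen = header_length; orig_len is kept."""
    if struct.unpack_from("<I", pcap, 0)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian pcap (magic a1b2c3d4) is supported")
    out, pos = bytearray(pcap[:24]), 24
    while pos + 16 <= len(pcap):
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from("<IIII", pcap, pos)
        pkt = pcap[pos + 16:pos + 16 + caplen]
        keep = header_length(pkt)
        out += struct.pack("<IIII", ts_sec, ts_usec, keep, origlen) + pkt[:keep]
        pos += 16 + caplen
    return bytes(out)

def build_sample_pcap() -> bytes:
    """Constructed capture: one Ethernet/IPv4/TCP frame with a placeholder payload."""
    payload = b"PAN=0000000000000000;CVV=000"  # placeholder, not a real card number
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return header + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    print(len(build_sample_pcap()), "->", len(strip_payloads(build_sample_pcap())))
```

For live capture the closest built-in equivalent is a fixed snaplen (tcpdump/dumpcap `-s`), but a fixed byte count cannot follow variable IP and TCP header lengths the way this parser does, so it either over-collects or cuts into headers.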