PCI DSS Req 1.3.5: Permit Only Established Connections into the Network
PCI DSS Requirement 1.3.5 says to, “Permit only ‘established’ connections into the network.” The testing procedures for this requirement state that your assessor is to examine your firewall and router configurations to verify that only established connections are permitted into the internal network, and any inbound connections not associated with any previously established sessions, be denied. In years past, this configuration setting was called “stateful inspection,” also known as dynamic…