Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Using Nessus for PCI

from [Larry Petty] Network Security [Permanent Link]
Subject: Re: Using Nessus for PCI
Date: Thu, 18 Oct 2007 11:54:21 -0700 (PDT) 
That's what I thought, until I read this document:

https://www.pcisecuritystandards.org/pdfs/pci_dss_technical_and_operational_requirements_for_approved_scanning_vendors_ASVs_v1-1.pdf

Check out the changes on page 4-11. How do you interpret this?


Larry,
I'm not sure if I'm allowed to provide tips on how/what to scan - to be
 
safe I won't. I can tell you however that there are 5 levels of risk 
ratings in the PCI/DSS standards, where as Nessus has but three (four
 if 
you count INFO). I would recommend some extensive reading of the 
www.pcisecuritystandards.org PCI/DSS document itself, along with ALL of
 
the support documents.

Here's the link to the file that has the actual risk ratings for PCI 
standards. You will need to come up with a system (internal to your 
company) to map the nessus ratings to these.

https://www.pcisecuritystandards.org/pdfs/pci_scanning_procedures_v1-1.pdf

The test is not trivial.
-- 
_______________________________________________________________________
Nathan Grandbois, CISSP           ngrandbois@microsolved.com
Security Analyst                  (614) 351-1237 x 212
PGP Key Available by Request
MicroSolved is security expertise you can trust!

HoneyPoint Security Server
Attackers get stung, instead of you!
http://www.microsolved.com/honeypoint







__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Using Nessus for PCI, Nathan Grandbois
Next by Date:  Re: Using Nessus for PCI, Ron Gula
Previous by Thread:  RE: Using Nessus for PCI, John Scherff
Next by Thread:  Re: Using Nessus for PCI, Larry Petty
Indexes:  [Date] [Thread] [Top] [All Lists]