Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: IPS comparison

from [Chuck] Network Security [Permanent Link]
Subject: Re: IPS comparison
Date: Wed, 27 Jul 2005 09:33:26 -0400 
Since you mentioned PCI compliance, one thing you might not be aware
of is that for your regular PCI vulnerability scans and penetration
tests you will have to disable the IPS (from the scanning systems). 
An IPS will not help you in passing the PCI compliance scans.

This is documented in requirement 15 on page 4 of this document:
https://sdp.mastercardintl.com/pdf/pcs_manual.pdf

Is there a specific requirement for you to have an IPS in your system?
 There could be such a requirement for large enough systems that I am
not aware of, so I'd be interested to hear about it.

And, of course, this is not to say that IPSs are useless in a
practical sense.  An IPS will provide defense in depth if you
accidentally field a vulnerable system, but it cannot be used as a
substitute for securing the underlying systems.

Chuck

On 7/26/05, Jeffrey Leggett <jleggett@interland.com> wrote:

Ha... I am in the middle of testing and evaluating IPS solutions for my 
company, a large Web Hoster for PCI/CISP compliance.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Security with USB Devices, Anders Thulin
Next by Date:  Re: Security with USB Devices, AdamT
Previous by Thread:  RE: IPS comparison, Jeffrey Leggett
Next by Thread:  RE: IPS comparison, Soszynski, Chris
Indexes:  [Date] [Thread] [Top] [All Lists]