Network Security: Detailed info on Re: PCI DSS Compliance

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Web-App-Sec

[Top] [All Lists]

Re: PCI DSS Compliance

from [Richard Moore] Network Security

[Permanent Link]

Subject:	Re: PCI DSS Compliance
Date:	Thu, 15 Dec 2005 09:51:20 +0000

Ademar Gonzalez wrote:

A shared hosting client needs to get his site PCI DSS certified.
He forwarded us the following request from the company doing the assessment.

"Your site could not be certified. Your site appears to be running
scan detection software, that has prevented a reliable port scan. This
test is inconclusive. Please add our scanner ip: ##.##.##.## to your
scan detection software exclusion list to allow our scanner to make a
complete assessment of your system."

Is this request plain stupid or what ? Comments ?


No it's not stupid. For one thing, it is one of the PCI requirements.
They cannot be certified if the scan was blocked by an IPS.

How would you proceed in this situation ?


I would do what my customer asked.

Cheers

Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
PCI DSS Compliance, Ademar Gonzalez Re: PCI DSS Compliance, Richard Moore <= Re: PCI DSS Compliance, Roy Britten RE: PCI DSS Compliance, Michael Johnson RE: PCI DSS Compliance, Syed Mohamed A Re: PCI DSS Compliance, Pete Herzog RE: PCI DSS Compliance, Lyal Collins Re: PCI DSS Compliance, Peter Watkins RE: PCI DSS Compliance, Sebastien Deleersnyder RE: PCI DSS Compliance, Steve Kerns Re: PCI DSS Compliance, Ademar Gonzalez RE: PCI DSS Compliance, Lyal Collins

Previous by Date:	RE: PCI DSS Compliance, Sebastien Deleersnyder
Next by Date:	RE: PCI DSS Compliance, Steve Kerns
Previous by Thread:	PCI DSS Compliance, Ademar Gonzalez
Next by Thread:	Re: PCI DSS Compliance, Roy Britten
Indexes:	[Date] [Thread] [Top] [All Lists]