
Re: PCI DSS Compliance

Subject: Re: PCI DSS Compliance
Date: Mon, 19 Dec 2005 16:03:03 +0100

Craig Wright wrote:
> An automated, not verified process does not meet the scanning/testing
> requirements. It is thus entirely irrelevant to the discussion as it
> will not help you be compliant.

The question was about whether assuring all known vulns are patched by disabling all security controls is correct. That was the question which prompted my discussion about PCI. For me, vuln scanning an entire network is very wrong and a pointless task. And I think it's important we challenge notions we suspect to be wrong either to fix them or correct ourselves. I am proud of you for reading the whole PCI document and all associated pages but what good does it do you if it isn't correct?

-pete.
