Security Basics mailing list archives

Re: PCI DSS Scanners

From: Chelsea Budzko <cbudzko () uoregon edu>
Date: Tue, 03 Apr 2012 09:21:53 -0700

PCI DSS is much more than a scan, which to my understanding is based on
the presence, or lack of encryption levels sufficient to meet that PCI
DSS piece of the entire requirement, which to seriously test would
include an in-depth, person-to-person AND device config review, as well
as the general topology of the said network.  I have always found the
advertisements for scanners and 'pci compliant' email clients to be hype
only.  They might provide the needed encryption, but the cannot in and
of themselves make an organization PCI DSS compliant.
hope this helps

On 4/3/12 2:31 AM, skiera99 wrote:

Hi all,

I need to perform a PCI DSS scan for one client. I am looking for the
frameworks to do that. So far I tried:
- Nessus
- Rapid7 NeXpose

Do you know anything else?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an
SSL certificate.  We look at how SSL works, how it benefits your
company and how your customers can tell if a site is secure. You will
find out how to test, purchase, install and use a thawte Digital
Certificate on your Apache web server. Throughout, best practices for
set-up are highlighted to help you ensure efficient ongoing management
of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1

------------------------------------------------------------------------


-- 
Chelsea Budkzo
Information Services
University of Oregon
541-346-1651


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

Current thread:

PCI DSS Scanners skiera99 (Apr 03)
- Re: PCI DSS Scanners TAS (Apr 03)
- Re: PCI DSS Scanners haZard0us (Apr 03)
- RE: PCI DSS Scanners Phillip Fernandes (Apr 03)
- Re: PCI DSS Scanners Chelsea Budzko (Apr 03)
  - RE: PCI DSS Scanners Bill Montgomery (Apr 03)
- Re: PCI DSS Scanners skiera99 (Apr 03)
- Re: PCI DSS Scanners pentester (Apr 11)
  - RE: PCI DSS Scanners Mike Vella (Apr 11)
    - Re: PCI DSS Scanners Livio Gario (Apr 12)
    - Re: RE: PCI DSS Scanners Adam Pal (Apr 12)
- <Possible follow-ups>
- Re: RE: PCI DSS Scanners goswamituhin (Apr 04)