Firewall Wizards mailing list archives
Re: PCI DSS & Firewalls
From: "Darden, Patrick S." <darden () armc org>
Date: Thu, 2 Apr 2009 15:30:30 -0400
Hmmm, no I don't think so. Network auditor would take care of regular stuff (e.g. your example of an open telnet service). Nessus, nmap, etc. Irregular stuff will be there no matter what, if someone knowledgeable enough spends enough time looking.

Pen Testing has no real purpose that I can see.... Other than as a scare tactic to put someone in their place, get more money for security from admin, shame your IT department, or etc. It is more of a social/political tool than a security instrument.

--Patrick Darden

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com [mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of AMuse
Sent: Thursday, April 02, 2009 2:59 PM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] PCI DSS & Firewalls

Isn't the point of pen-testing to take up an attackers' perspective and hit all your defenses to see if you missed something or misconfigured something?

I mean, unless you're the only person who set up 100% of your infrastructure, how are you to know that someone didn't accidentally leave telnet open? If you didn't write 100% of the webapps your company is using, how are you to know they don't have SQL injection flaws?