Penetration Testing mailing list archives
RE: VISA/Mastercard PCI Vendor Scanning requirements
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Fri, 3 Mar 2006 13:43:47 -0500
There are a lot of ISPs that block a few ports, typically the NetBIOS stuff but I know ISPs that will periodically block ports if there is worm outbreak this has been related to the "NetBIOS stuff" in the past. If you can't be sure that everything is getting through, then it seems like a part of the scanning might need to be done on-site. -----Original Message----- From: Derek Nash [mailto:ddnash () gmail com] Sent: Thursday, March 02, 2006 9:52 PM To: pen-test () securityfocus com Subject: VISA/Mastercard PCI Vendor Scanning requirements For those of you who are providing PCI certified scanning how are you complying with the requirement that "The vendor should ensure that it has an unfiltered communication path to the customer's environment." in order to avoid "Internet Service Provider Blocked Ports" that could "result in misleading report conclusions." Mastercard eludes to scanning over a VPN tunnel, but that seems excessive and a potential logistical nightmare depending on volume of business and technical know-how at the client's end. I am just wonder what other providers are doing to comply. Thanks in advance for your posts. -- Best Regards, ddnash ------------------------------------------------------------------------ ------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------ ------ **DISCLAIMER This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the message. If you have received this communication in error, please notify the sender and delete this e-mail message. The contents do not represent the opinion of D&E except to the extent that it relates to their official business. ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- VISA/Mastercard PCI Vendor Scanning requirements Derek Nash (Mar 03)
- Re: VISA/Mastercard PCI Vendor Scanning requirements John Kinsella (Mar 04)
- <Possible follow-ups>
- RE: VISA/Mastercard PCI Vendor Scanning requirements Shenk, Jerry A (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- Re: VISA/Mastercard PCI Vendor Scanning requirements Derek Nash (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Michael Scheidell (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)