WebApp Sec mailing list archives
Re: PCI DSS Compliance
From: Richard Moore <rich () westpoint ltd uk>
Date: Thu, 15 Dec 2005 09:51:20 +0000
Ademar Gonzalez wrote:
A shared hosting client needs to get his site PCI DSS certified. He forwarded us the following request from the company doing the assessment. "Your site could not be certified. Your site appears to be running scan detection software, that has prevented a reliable port scan. This test is inconclusive. Please add our scanner ip: ##.##.##.## to your scan detection software exclusion list to allow our scanner to make a complete assessment of your system." Is this request plain stupid or what ? Comments ?
No it's not stupid. For one thing, it is one of the PCI requirements. They cannot be certified if the scan was blocked by an IPS.
How would you proceed in this situation ?
I would do what my customer asked. Cheers Rich. -- Richard Moore, Principal Software Engineer, Westpoint Ltd, Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England Tel: +44 161 237 1028 Fax: +44 161 237 1031
Current thread:
- PCI DSS Compliance Ademar Gonzalez (Dec 14)
- Re: PCI DSS Compliance Richard Moore (Dec 15)
- Re: PCI DSS Compliance Roy Britten (Dec 16)
- RE: PCI DSS Compliance Michael Johnson (Dec 16)
- RE: PCI DSS Compliance Syed Mohamed A (Dec 16)
- Re: PCI DSS Compliance Pete Herzog (Dec 18)
- RE: PCI DSS Compliance Syed Mohamed A (Dec 16)
- RE: PCI DSS Compliance Lyal Collins (Dec 16)
- Re: PCI DSS Compliance Peter Watkins (Dec 16)
- <Possible follow-ups>
- RE: PCI DSS Compliance Sebastien Deleersnyder (Dec 15)
- RE: PCI DSS Compliance Steve Kerns (Dec 15)
- Re: PCI DSS Compliance Ademar Gonzalez (Dec 15)
- RE: PCI DSS Compliance Lyal Collins (Dec 16)
- Re: PCI DSS Compliance Ademar Gonzalez (Dec 15)
(Thread continues...)