Security Basics mailing list archives

Opinions on vulnerability scanning practice?


From: rgutter () gmail com
Date: 2 Aug 2006 22:20:06 -0000

I'd like to get a community opinion on this. We're a union that provides free web hosting to a number of related 
non-profit organizations. Some of them have gone to a third-party provider for e-commerce functionality, and obviously 
want to link to that provider from their sites on our server.

Wanting to set up merchant accounts for these organizations, that provider's e-commerce service (Beanstream) had a risk 
management firm run a vulnerability scan on our server, stating that Visa requires AIS end-to-end compliance within the 
Visa payment system.

Now, I recognize the desire to prevent pharming and similar attacks that could occur were my system to be compromised, 
but my first response was: "Who the ^*$$* do you think you are to run a scan on my system without permission?"

What's the deal here? Am I out of line? Is this normal practice? 
