Penetration Testing mailing list archives
VISA/Mastercard PCI Vendor Scanning requirements
From: "Derek Nash" <ddnash () gmail com>
Date: Thu, 2 Mar 2006 20:52:25 -0600
For those of you who are providing PCI certified scanning how are you complying with the requirement that "The vendor should ensure that it has an unfiltered communication path to the customer's environment." in order to avoid "Internet Service Provider Blocked Ports" that could "result in misleading report conclusions." Mastercard eludes to scanning over a VPN tunnel, but that seems excessive and a potential logistical nightmare depending on volume of business and technical know-how at the client's end. I am just wonder what other providers are doing to comply. Thanks in advance for your posts. -- Best Regards, ddnash ------------------------------------------------------------------------------ This List Sponsored by: Lancope "Discover the Security Benefits of Cisco NetFlow" Learn how Cisco NetFlow enables cost-effective security across distributed enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA) and Response solution, leverages Cisco NetFlow to provide scalable, internal network security. Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response Systems in the Enterprise." http://www.lancope.com/resource/ ------------------------------------------------------------------------------
Current thread:
- VISA/Mastercard PCI Vendor Scanning requirements Derek Nash (Mar 03)
- Re: VISA/Mastercard PCI Vendor Scanning requirements John Kinsella (Mar 04)
- <Possible follow-ups>
- RE: VISA/Mastercard PCI Vendor Scanning requirements Shenk, Jerry A (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- Re: VISA/Mastercard PCI Vendor Scanning requirements Derek Nash (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Michael Scheidell (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)
- RE: VISA/Mastercard PCI Vendor Scanning requirements Craig Wright (Mar 04)