Penetration Testing mailing list archives

Re: VISA/Mastercard PCI Vendor Scanning requirements


From: John Kinsella <jlk () thrashyour com>
Date: Fri, 3 Mar 2006 10:09:58 -0800

I've only dealt with one PCI scanning company, supposedly they're one
of the larger ones, but their scans are pathetic, to say the least.
Basically you're paying them to scan what you say to scan, and then
what to ignore from those results, then you get a thumbs up.

John

On Thu, Mar 02, 2006 at 08:52:25PM -0600, Derek Nash wrote:
For those of you who are providing PCI certified scanning how are you
complying with the requirement that "The vendor should ensure that it
has an unfiltered communication path to the customer's environment."
in order to avoid "Internet Service Provider Blocked Ports" that could
"result in misleading report conclusions."

Mastercard alludes to scanning over a VPN tunnel, but that seems
excessive and a potential logistical nightmare depending on volume of
business and technical know-how at the client's end.

I am just wondering what other providers are doing to comply. Thanks in
advance for your posts.


--
Best Regards,

ddnash

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------

