Penetration Testing mailing list archives

RE: VISA/Mastercard PCI Vendor Scanning requirements


From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Fri, 3 Mar 2006 13:43:47 -0500

There are a lot of ISPs that block a few ports, typically the NetBIOS
stuff, but I know ISPs that will periodically block ports if there is a
worm outbreak; this has been related to the "NetBIOS stuff" in the past.
If you can't be sure that everything is getting through, then it seems
like a part of the scanning might need to be done on-site.

-----Original Message-----
From: Derek Nash [mailto:ddnash () gmail com] 
Sent: Thursday, March 02, 2006 9:52 PM
To: pen-test () securityfocus com
Subject: VISA/Mastercard PCI Vendor Scanning requirements

For those of you who are providing PCI certified scanning, how are you
complying with the requirement that "The vendor should ensure that it
has an unfiltered communication path to the customer's environment"
in order to avoid "Internet Service Provider Blocked Ports" that could
"result in misleading report conclusions"?

Mastercard alludes to scanning over a VPN tunnel, but that seems
excessive and a potential logistical nightmare depending on volume of
business and technical know-how at the client's end.

I am just wondering what other providers are doing to comply. Thanks in
advance for your posts.


--
Best Regards,

ddnash

------------------------------------------------------------------------------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------------





