Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PCI Compliance Scope

From: "Gary E. Miller" <gem () rellim com>
Date: Thu, 12 Nov 2009 17:38:14 -0800 (PST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Danux!

I can confirm from experience that the first thing a hacker often
does after getting access is try to clean the logs.  They need to
be protected.

Can't you just setup a cheap Ubuntu server to log just the PCI
assets?

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFK/LiIBmnRqz71OvMRAirGAKDfNvEcdDBUgSTm7pOLP67+izoKBQCg26u7
JVm7yMQhObwQniFqYot8VOo=
=5Om5
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: