pci compliance
Bob McConnell
rvm at CBORD.com
Mon Jul 28 18:27:01 UTC 2008
On Behalf Of Ross Cameron
> On Mon, Jul 28, 2008 at 7:51 PM, kalin m <mail at godfur.com> wrote:
>>
>> i'm about to submit a freebsd system to be scanned for pci
compliance...
>>
>> is there any particular gotchas with bsd systems that can be detected
at
>> the time of pci compliance scanning?
>> i know they use something like nmap if not nmap itself and i did
myself on
>> that machine and didn't find anything interesting.
>> but one of the consultants that was 'advising' the company i work for
said
>> "we use similar (as in nmap) approach but it's (much) more
intrusive".
>> anybody knows what does that mean?
>
> The PCI auditing process is a full penetration test.
> It's very thorough and not at all easy to pass.
>
> Get hold of a copy of "The penetration tester's handbook" and make
sure u
> pass all the tests in the book and u should be ok
How intense depends on which PCI level you are aiming for and which
services you will have running on that server. We have completed level 3
for our hosted web servers and firewalls, and are shooting for level 1
by the end of the calendar year. However, I am not yet involved in any
of those projects.
Bob McConnell
More information about the freebsd-questions
mailing list