pci compliance
Ross Cameron
ross.cameron at linuxpro.co.za
Mon Jul 28 18:58:08 UTC 2008
On Mon, Jul 28, 2008 at 8:24 PM, kalin m <mail at godfur.com> wrote:
> cool. thanks. i couldn't find anything on google under that name but i've
> been looking and reading on a lot of documentation on line and print.
> so i was just asking if there are any things that pertain in particular to
> the freebsd os that need to be addressed before the scanning.
>
> how full of a penetration can you have if (almost) all incoming ports are
> blocked?
>
> thanks....
>
Depends on the PCI level you are being audited for.
But there are any number of attacks you can throw at a box thats fully
closed up, and the aim is not to get it but rather to chew up all the ram
and cpu and kill the box off.
I suggest you read the PCI compliance document for the relevant level and
make sure you test the system to comply with the documented requirements.
More information about the freebsd-questions
mailing list