Date: Mon, 28 Jul 2008 14:22:46 -0400
From: "Bob McConnell" <rvm@CBORD.com>
To: <freebsd-questions@freebsd.org>
Subject: RE: pci compliance
Message-ID: <FF8482A96323694490C194BABEAC24A0030A25CF@Email.cbord.com>
In-Reply-To: <35f70db10807281102q5a0b73c3h554338292e3b751a@mail.gmail.com>
References: <488E0708.2060207@godfur.com> <35f70db10807281102q5a0b73c3h554338292e3b751a@mail.gmail.com>

On Behalf Of Ross Cameron
> On Mon, Jul 28, 2008 at 7:51 PM, kalin m <mail@godfur.com> wrote:
>>
>> i'm about to submit a freebsd system to be scanned for pci compliance...
>>
>> is there any particular gotchas with bsd systems that can be detected at
>> the time of pci compliance scanning?
>> i know they use something like nmap if not nmap itself and i did myself on
>> that machine and didn't find anything interesting.
>> but one of the consultants that was 'advising' the company i work for said
>> "we use similar (as in nmap) approach but it's (much) more intrusive".
>> anybody knows what does that mean?
>
> The PCI auditing process is a full penetration test.
> It's very thorough and not at all easy to pass.
>
> Get hold of a copy of "The penetration tester's handbook" and make sure u
> pass all the tests in the book and u should be ok

How intense depends on which PCI level you are aiming for and which services you will have running on that server. We have completed level 3 for our hosted web servers and firewalls, and are shooting for level 1 by the end of the calendar year. However, I am not yet involved in any of those projects.

Bob McConnell