RE: VISA/Mastercard PCI Vendor Scanning requirements

From: Michael Scheidell (scheidell@secnap.net)
Date: Fri Mar 03 2006 - 18:21:17 EST


> -----Original Message-----
> From: Derek Nash [mailto:ddnash@gmail.com]
> Sent: Thursday, March 02, 2006 9:52 PM
> To: pen-test@securityfocus.com
> Subject: VISA/Mastercard PCI Vendor Scanning requirements
>
>
> For those of you who are providing PCI certified scanning how
> are you complying with the requirement that "The vendor
> should ensure that it has an unfiltered communication path to
> the customer's environment." in order to avoid "Internet
> Service Provider Blocked Ports" that could "result in
> misleading report conclusions."

At least it means not to use a consumer (home) cable modem or DSL
connection on which the ISP may block certain 'bothersome' ports.

Some ISPs block ports such as 25, 111, 12345, 445, 139, etc., to block
spamming from infected hosts, spreading worms via infected hosts, etc.

In fact, a 'VPN' may give false positives, since you have more access to
the client's network than a normal, unprivileged user.

Example: a VPN may be able to access TCP port 445 on a web server (or
TCP port 80) and get NetBIOS-based information not available on the only
port opened to the public (say, port 443).

A VPN might access internal TCP/IP stacks (with predictable sequence
numbers), etc.

One interesting thing: they do suggest that, to avoid IPS or automated IP
shunning, the target network whitelist your IP addresses.

One thought is that it is more efficient to run the first set of
automated scans than actually do what a hacker might do ('0wn' 125,000
zombies to scan from).
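
One way to check a scanning link for the upstream port filtering discussed above, as an added example that is not part of the original message: compare nmap grepable (`-oG`) results for the same target taken from the scanning link and from a second link. The second "control" link being unfiltered, the function names, and the sample output (constructed, documentation address 192.0.2.10) are assumptions.

```python
import re

# Ports the message names as commonly blocked by ISPs.
ISP_BLOCKED = {25, 111, 139, 445, 12345}
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)/")

# Constructed sample data: same target, two vantage points.
SCANNER_LINK = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 25/filtered/tcp//smtp///, "
    "139/filtered/tcp//netbios-ssn///, 443/open/tcp//https///, "
    "445/filtered/tcp//microsoft-ds///\n"
)
CONTROL_LINK = (
    "Host: 192.0.2.10 ()\tStatus: Up\n"
    "Host: 192.0.2.10 ()\tPorts: 25/open/tcp//smtp///, "
    "139/closed/tcp//netbios-ssn///, 443/open/tcp//https///, "
    "445/closed/tcp//microsoft-ds///\n"
)

def parse_gnmap(text):
    """Return {(host, port, proto): state} from nmap grepable output."""
    results = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and "Status:" lines
        host = line.split()[1]
        ports = line.split("Ports:", 1)[1].split("\t")[0]
        for port, state, proto in PORT_RE.findall(ports):
            results[(host, int(port), proto)] = state
    return results

def path_discrepancies(scanner_view, control_view):
    """List ports whose state differs between the two vantage points."""
    findings = []
    for key in sorted(set(scanner_view) | set(control_view)):
        s = scanner_view.get(key, "missing")
        c = control_view.get(key, "missing")
        if s != c:
            host, port, proto = key
            findings.append({"host": host, "port": port, "proto": proto,
                             "scanner": s, "control": c,
                             "isp_blocked_port": port in ISP_BLOCKED})
    return findings

if __name__ == "__main__":
    for d in path_discrepancies(parse_gnmap(SCANNER_LINK),
                                parse_gnmap(CONTROL_LINK)):
        print(d)
```

A port that is "filtered" from the scanning link but "open" or "closed" from the control link indicates that something on the scanning path, rather than the customer's environment, is dropping the probes.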




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:36 EDT