On Behalf Of Ross Cameron
> On Mon, Jul 28, 2008 at 7:51 PM, kalin m <[EMAIL PROTECTED]> wrote:
>> 
>> i'm about to submit a freebsd system to be scanned for pci
compliance...
>>
>> is there any particular gotchas with bsd systems that can be detected
at
>> the time of pci compliance scanning?
>> i know they use something like nmap if not nmap itself and i did
myself on
>> that machine and didn't find anything interesting.
>> but one of the consultants that was 'advising' the company i work for
said
>> "we use similar (as in nmap) approach but it's (much) more
intrusive".
>> anybody knows what does that mean?
> 
> The PCI auditing process is a full penetration test.
>    It's very thorough and not at all easy to pass.
> 
> Get hold of a copy of "The penetration tester's handbook" and make
sure u
> pass all the tests in the book and u should be ok

How intense depends on which PCI level you are aiming for and which
services you will have running on that server. We have completed level 3
for our hosted web servers and firewalls, and are shooting for level 1
by the end of the calendar year. However, I am not yet involved in any
of those projects.

Bob McConnell
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to