On Behalf Of Ross Cameron
> On Mon, Jul 28, 2008 at 7:51 PM, kalin m <[EMAIL PROTECTED]> wrote:
>>
>> i'm about to submit a freebsd system to be scanned for pci compliance...
>>
>> is there any particular gotchas with bsd systems that can be detected at
>> the time of pci compliance scanning?
>> i know they use something like nmap if not nmap itself and i did myself on
>> that machine and didn't find anything interesting.
>> but one of the consultants that was 'advising' the company i work for said
>> "we use similar (as in nmap) approach but it's (much) more intrusive".
>> anybody knows what does that mean?
>
> The PCI auditing process is a full penetration test.
> It's very thorough and not at all easy to pass.
>
> Get hold of a copy of "The penetration tester's handbook" and make sure u
> pass all the tests in the book and u should be ok

How intense depends on which PCI level you are aiming for and which services you will have running on that server. We have completed level 3 for our hosted web servers and firewalls, and are shooting for level 1 by the end of the calendar year. However, I am not yet involved in any of those projects.

Bob McConnell

email@example.com mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions