Date: Mon, 28 Jul 2008 20:02:40 +0200 From: "Ross Cameron" <ross.cameron@linuxpro.co.za> To: "kalin m" <mail@godfur.com> Cc: freebsd-questions@freebsd.org Subject: Re: pci compliance Message-ID: <35f70db10807281102q5a0b73c3h554338292e3b751a@mail.gmail.com> In-Reply-To: <488E0708.2060207@godfur.com> References: <488E0708.2060207@godfur.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Jul 28, 2008 at 7:51 PM, kalin m <mail@godfur.com> wrote:
> hi all...
>
> i'm about to submit a freebsd system to be scanned for pci compliance...
>
> is there any particular gotchas with bsd systems that can be detected at
> the time of pci compliance scanning?
> i know they use something like nmap if not nmap itself and i did myself on
> that machine and didn't find anything interesting.
> but one of the consultants that was 'advising' the company i work for said
> "we use similar (as in nmap) approach but it's (much) more intrusive".
> anybody knows what does that mean?
>
> thanks...
The PCI auditing process is a full penetration test.
It's very thorough and not at all easy to pass.
Get hold of a copy of "The penetration tester's handbook" and make sure u
pass all the tests in the book and u should be ok
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35f70db10807281102q5a0b73c3h554338292e3b751a>