Re: PCI DSS Compliance
From: Richard Moore (richwestpoint.ltd.uk)
Date: Thu Dec 15 2005 - 03:51:20 CST
Ademar Gonzalez wrote:
> A shared hosting client needs to get his site PCI DSS certified.
> He forwarded us the following request from the company doing the assessment.
> "Your site could not be certified. Your site appears to be running
> scan detection software, that has prevented a reliable port scan. This
> test is inconclusive. Please add our scanner ip: ##.##.##.## to your
> scan detection software exclusion list to allow our scanner to make a
> complete assessment of your system."
> Is this request plain stupid or what? Comments?
No, it's not stupid. For one thing, it is one of the PCI requirements.
They cannot be certified if the scan was blocked by an IPS.
> How would you proceed in this situation?
I would do what my customer asked.
Richard Moore, Principal Software Engineer,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031