Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
RE: PCI DSS Compliance
From: Steve Kerns (Steve.Kernsnetspi.com)
Date: Thu Dec 15 2005 - 07:53:10 CST
The Security Scanning Requirements for Vendors (March 2005) state:
Scanning the environment might trigger the IDS which will in some cases
automatically shut off any communication with the originating IP address
used by the scanning tool. This could produce false reports, so the
vendor should make sure it can
detect such an event. Under no circumstance should an IDS/IPS (intrusion
prevention system) interfere with the results of a vulnerability
When the infrastructure contains an IDS, the following options should be
* The IDS/IPS should be disabled for specific IP addresses (the
addresses of the vendor). This is the preferred solution.
* The vendor scans at a network location where the IDS/IPS can not
interfere with the operation.
So you have those 2 options.
Security Team Lead
800 Washington Ave N, Suite 463
Minneapolis, MN 55401
From: Ademar Gonzalez [mailto:ademar.gonzalezgmail.com]
Sent: Tuesday, December 13, 2005 10:37 AM
Subject: PCI DSS Compliance
A shared hosting client needs to get his site PCI DSS certified.
He forwarded us the following request from the company doing the
"Your site could not be certified. Your site appears to be running
scan detection software, that has prevented a reliable port scan. This
test is inconclusive. Please add our scanner ip: ##.##.##.## to your
scan detection software exclusion list to allow our scanner to make a
complete assessment of your system."
Is this request plain stupid or what ? Comments ?
I have deal with this kind of requests in the past and most of the
time the people running
this automated scans knows nothing at all about security nor anything
else and it becomes a pain dealing with the client on one end that
wants his website certified and the other guy on the security company
that wants you to open your firewall so hi can run his nmap or
whatever it is they run. It looks like the client runs the risk of not
being certified 'cause his website is over-protected. How would you
proceed in this situation ?