Re: Recommendation for a Good Vulnerability Scanning Service?




on 14:20 Fri 18 Feb, Michael B Allen (ioplex@xxxxxxxxx) wrote:
> Hi,
> 
> Can someone recommend a good vulnerability scanning service? I just
> need the minimum for PCI compliance (it's a sort of credit card
> processing certification).

First:  if you're headed down the compliance / certification route,
you're going to want to go with a certified vendor / service provider
for this.
 
> I got a free scan from https://www.hackerguardian.com/ and their scan
> reported a number of "Fail" results. I haven't checked them all yet
> but most seem to be things for which fixes were backported looong ago
> by The Upstream Vendor.

You can also run your own scans as a preemptive measure -- nessus is
probably the baseline tool, though I'd also be interested in what other
people would recommend.
 
> I haven't spoken with the hackerguardian people yet but it would be
> nice if I could just say "I'm using CentOS 5.5" and have them factor
> that into their report so that I can focus on any real issues. Are
> there vulnerability scanning services that are more or less
> sophisticated about this?

I'd suggest you educate yourself on the PCI compliance issue, and query
your prospective vendor(s) on what specific scans they run and/or how
these are tuned to specific operating environments.

I'd tend to suspect that vuln/pen testing is going to be based more on
known vulnerabilities than your environment.

-- 
Dr. Ed Morbius, Chief Scientist /            |
  Robot Wrangler / Staff Psychologist        | When you seek unlimited power
Krell Power Systems Unlimited                |                  Go to Krell!
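Since the "Fail" results in the thread come from version-based checks while CentOS ships backported fixes under the old version number, the check a practitioner would run is whether the reported CVE already appears in the installed RPM's changelog. The following is an added example, not code from the thread; it assumes `rpm` is on PATH for the live query, and uses a constructed changelog with placeholder CVE ids for the offline check.

```shell
#!/bin/sh
# Added helper (not from the thread): decide whether a CVE flagged by a
# version-based scanner is already listed as a backported fix in an RPM's
# changelog. Red Hat / CentOS backport fixes without bumping the upstream
# version, so the changelog is where such a fix is actually recorded.

# Print every CVE id found in the changelog text read from stdin, one per
# line, upper-cased and de-duplicated.
cves_in_changelog() {
    grep -oiE 'CVE-[0-9]{4}-[0-9]{4,}' | tr '[:lower:]' '[:upper:]' | sort -u
}

# Exit 0 if the changelog text on stdin mentions the given CVE id, else 1.
changelog_mentions_cve() {
    cve=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    cves_in_changelog | grep -qx -- "$cve"
}

# Live query against the installed package (assumes rpm is available).
# Usage: package_has_backport openssl CVE-XXXX-NNNN
package_has_backport() {
    rpm -q --changelog "$1" 2>/dev/null | changelog_mentions_cve "$2"
}

# Constructed sample changelog with placeholder CVE ids (not real advisories),
# so the logic can be exercised on a box without rpm.
SAMPLE_CHANGELOG='* Mon Jan 01 2010 Example Maintainer <maint@example.com> - 1.0.0-3.el5_5.1
- fix CVE-9999-0001 (buffer handling) [backported from upstream 1.0.2]
- fix cve-9999-0002 and CVE-9999-0003 in the request parser
* Tue Jun 02 2009 Example Maintainer <maint@example.com> - 1.0.0-2.el5
- initial build'

# Wrapper that runs the check over the constructed sample instead of rpm.
sample_has_cve() {
    printf '%s\n' "$SAMPLE_CHANGELOG" | changelog_mentions_cve "$1"
}

# Count of distinct CVE ids in the constructed sample (expected: 3).
sample_cve_count() {
    printf '%s\n' "$SAMPLE_CHANGELOG" | cves_in_changelog | wc -l | tr -d ' '
}
```

A scanner result that names a CVE present in the changelog is a candidate false positive to raise with the vendor; one that is absent still needs a real fix or a newer package.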
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

