SecurityFocus

PCI Compliance Scope Nov 12 2009 03:27PM
Danux (danuxx gmail com) (4 replies)

RE: PCI Compliance Scope Nov 12 2009 09:52PM
Bakshi, Narinder (FIN) (Narinder Bakshi ontario ca) (1 replies)

RE: PCI Compliance Scope Nov 13 2009 04:54PM
Bakshi, Narinder (FIN) (Narinder Bakshi ontario ca)

Re: PCI Compliance Scope Nov 12 2009 08:58PM
Jon Janego (jonjanego gmail com)

RE: PCI Compliance Scope Nov 12 2009 07:13PM
Erin Carroll (amoeba amoebazone com) (2 replies)

Re: PCI Compliance Scope Nov 12 2009 09:32PM
David Glosser (david glosser gmail com) (1 replies)

Re: PCI Compliance Scope Nov 13 2009 03:02AM
David M. Zendzian (dmz dmzs com) (1 replies)

Re: PCI Compliance Scope Nov 13 2009 06:23PM
Dotzero (dotzero gmail com)

Re: PCI Compliance Scope Nov 12 2009 08:42PM
Eric Milam (emilam coretechsg com) (1 replies)

Re: PCI Compliance Scope Nov 12 2009 09:30PM
Tracy Reed (treed ultraviolet org) (1 replies)

On Thu, Nov 12, 2009 at 12:42:35PM -0800, Eric Milam spake thusly:
> Basically the fear are base camps from which to launch an attack.
> As Erin stated below, if there are measures in place (not just
> vlans) to prevent access from the log machine to the Card Holder
> data environment then it may be that the device will be out of
> scope.

Why not just VLANs? Do we not trust VLANs or are we worried about VLAN
misconfiguration? Or switch compromise? Cisco commissioned a study by
@Stake (IIRC) which made a pretty good case for VLAN security. Of
course, that may just be Cisco getting the results it paid for. But it
seemed reasonable to me.

--
Tracy Reed
http://tracyreed.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFK/H6G9PIYKZYVAq0RAo5eAKCFR/M3RD1Nzkkae/1C39cgMdDbxwCeJqnk
YochM0FyeIqcT8uy2zTIjro=
=S/g9
-----END PGP SIGNATURE-----

[ reply ]

Re: PCI Compliance Scope Nov 12 2009 09:34PM
Eric Milam (emilam coretechsg com) (1 replies)

Re: PCI Compliance Scope Nov 12 2009 10:18PM
Danux (danuxx gmail com) (5 replies)

RE: PCI Compliance Scope Nov 13 2009 04:21PM
Jason Hurst (Jason Hurst PandaRG com) (1 replies)

Re: PCI Compliance Scope Nov 13 2009 04:58PM
Danux (danuxx gmail com)

Re: PCI Compliance Scope Nov 13 2009 03:07AM
rajat swarup (rajats gmail com)

Re: PCI Compliance Scope Nov 13 2009 03:07AM
David M. Zendzian (dmz dmzs com)

Re: PCI Compliance Scope Nov 13 2009 03:00AM
Mohamed Farid (m farid shawara gmail com)

Re: PCI Compliance Scope Nov 13 2009 01:38AM
Gary E. Miller (gem rellim com)

RE: PCI Compliance Scope Nov 12 2009 07:13PM
Gary Everekyan (Gary Everekyan consumerinfo com)