Penetration Testing
PCI Compliance Scope Nov 12 2009 03:27PM Danux (danuxx gmail com) (4 replies)
RE: PCI Compliance Scope Nov 12 2009 09:52PM Bakshi, Narinder (FIN) (Narinder Bakshi ontario ca) (1 replies)
RE: PCI Compliance Scope Nov 12 2009 07:13PM Erin Carroll (amoeba amoebazone com) (2 replies)
Re: PCI Compliance Scope Nov 12 2009 09:32PM David Glosser (david glosser gmail com) (1 replies)
allowed it as the only form of separation.
Tracy Reed wrote:
> On Thu, Nov 12, 2009 at 12:42:35PM -0800, Eric Milam spake thusly:
>
>> Basically the fear is base camps from which to launch an attack.
>> As Erin stated below, if there are measures in place (not just
>> vlans) to prevent access from the log machine to the Card Holder
>> data environment then it may be that the device will be out of
>> scope.
>>
>
> Why not just VLANs? Do we not trust VLANs or are we worried about VLAN
> misconfiguration? Or switch compromise? Cisco commissioned a study by
> @Stake (IIRC) which made a pretty good case for VLAN security. Of
> course, that may just be Cisco getting the results it paid for. But it
> seemed reasonable to me.
>
>