Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: Re: IPS comparison

Re: IPS comparison

From: Chuck <chuck.lists_at_gmail.com>
Date: Wed, 27 Jul 2005 09:33:26 -0400

Since you mentioned PCI compliance, one thing you might not be aware
of is that for your regular PCI vulnerability scans and penetration
tests you will have to disable the IPS (from the scanning systems).
An IPS will not help you in passing the PCI compliance scans.

This is documented in requirement 15 on page 4 of this document:
https://sdp.mastercardintl.com/pdf/pcs_manual.pdf

Is there a specific requirement for you to have an IPS in your system?
 There could be such a requirement for large enough systems that I am
not aware of, so I'd be interested to hear about it.

And, of course, this is not to say that IPSs are useless in a
practical sense. An IPS will provide defense in depth if you
accidentally field a vulnerable system, but it cannot be used as a
substitute for securing the underlying systems.

Chuck

On 7/26/05, Jeffrey Leggett <jleggett_at_interland.com> wrote:
> Ha... I am in the middle of testing and evaluating IPS solutions for my company, a large Web Hoster for PCI/CISP compliance.
Received on Jul 27 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]