Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: PCI Compliance Scope
From: Tracy Reed <treed () ultraviolet org>
Date: Thu, 12 Nov 2009 13:30:46 -0800

On Thu, Nov 12, 2009 at 12:42:35PM -0800, Eric Milam spake thusly:
Basically the fear are base camps from which to launch an attack.
As Erin stated below, if there are measures in place (not just
vlans) to prevent access from the log machine to the Card Holder
data environment then it may be that the device will be out of
scope.

Why not just VLANs? Do we not trust VLANs or are we worried about VLAN
misconfiguration? Or switch compromise? Cisco commissioned a study by
@Stake (IIRC) which made a pretty good case for VLAN security. Of
course, that may just be Cisco getting the results it paid for. But it
seemed reasonable to me.

-- 
Tracy Reed
http://tracyreed.org

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault