Educause Security Discussion mailing list archives
Re: Vendors for PCI Compliance Scanning
From: "HALL, NATHANIEL D." <halln () OTC EDU>
Date: Wed, 28 May 2008 15:08:51 -0500
1) I think it was inappropriate because it didn't even get close to answering the question. Tripwire is not an approved scanning vendor, merely an auditing tool used to check various settings. 2) We currently use Security Metrics to scan our outside presence. I haven't been real thrilled with them because it appears they are simply running a Nessus scan. I have also had several false positives that I have had to contact them about that were not even close to an actual problem. 3) We originally used Fishnet Security to do our scans. They were very thorough and they actually validated the results. They actually use a Qualys system to do their scans and it does it very well. -- Nathaniel Hall, GSEC GCFW GCIA GCIH GCFA Network Security System Administrator OTC Computer Networking (417) 447-7535 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brett Bartow Sent: Wednesday, May 28, 2008 2:38 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Vendors for PCI Compliance Scanning Whoops! I sincerely apologize to all who found my response a misuse of the list. My intention was to simply respond to a request for information. I have no interest in sending unsolicited information. Thank you for your feedback and this will not happen again. Sincerely, Brett Bartow Account Manager - Education/Nonprofit Direct: 503.276.7651 Fax: 425.963.4652 TRIPWIRE | The Leader in Configuration Audit & Control Check out the latest Tripwire news! -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Conor McGrath Sent: Wednesday, May 28, 2008 12:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Vendors for PCI Compliance Scanning Roger Safian wrote the following, on 5/28/08 1:57 PM:
Is this an appropriate use of this list? Personally I don't mind vendor participation, as long as said participation isn't just a transparent ploy to drum up business. This seems to be a most egregious violation. Am I the only one who feels that way?
You are not the only one who feels this way. Add my 2 cents to the pile. -Conor
At 01:35 PM 5/28/2008, Brett Bartow put fingers to keyboard and wrote:Chuck, We have a very strong solution for automating compliance. Seven out
of
the top ten retailers use Tripwire. Please see the following link and give me a call if you would like to discuss further. http://www.tripwire.com/solutions/regulations/pci.cfm Thanks, Brett Bartow Account Manager - Education/Nonprofit Direct: 503.276.7651 Fax: 425.963.4652 TRIPWIRE | The Leader in Configuration Audit & Control Check out the latest Tripwire news! -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chuck McCants Sent: Wednesday, May 28, 2008 10:58 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Vendors for PCI Compliance Scanning Hello, A question came up in a meeting this morning, that leads me to ask - "What company are you using to do your PCI compliance scanning?" All responses and opinions of your experiences would be helpful (good
or
bad). -- Chuck McCants Lead Security Specialist C&IT Security and Access Mgmt Wayne State University 313.577.3455
-- Conor McGrath Phone: (773)702-7611 Manager for Network Security Fax: (773)834-8444 Network Security Center, The University of Chicago NetSec: (773)702-2378 PGP: http://security.uchicago.edu/centerinfo/pgpkeys.shtml
Current thread:
- Re: Vendors for PCI Compliance Scanning, (continued)
- Re: Vendors for PCI Compliance Scanning Roger Safian (May 28)
- Re: Vendors for PCI Compliance Scanning Mike Chapple (May 28)
- Re: Vendors for PCI Compliance Scanning Brett Bartow (May 28)
- Re: Vendors for PCI Compliance Scanning Roger Safian (May 28)
- Re: Vendors for PCI Compliance Scanning Peter Sylvester (May 28)
- Re: Vendors for PCI Compliance Scanning Conor McGrath (May 28)
- Re: Vendors for PCI Compliance Scanning Sealey, Adam L. (May 28)
- Re: Vendors for PCI Compliance Scanning Chuck McCants (May 28)
- Re: Vendors for PCI Compliance Scanning Ken Connelly (May 28)
- Re: Vendors for PCI Compliance Scanning Brett Bartow (May 28)
- Re: Vendors for PCI Compliance Scanning HALL, NATHANIEL D. (May 28)
- Vendors for PCI Compliance Scanning Chuck McCants (May 30)