PCI Scan Passed!
This might not seem like a huge deal to some, but we just passed our first PCI vulnerability scan. These little MikroTik routers (using RouterOS) really know how to rock!
Out of our current 19 public interfaces, we did have a single one that responded via ICMP. It was more or less bad timing on our part because performing support on the machines behind the routers isn’t perfected yet, so we have to go in and disable bottom drop-rules for a few minutes to get in. Packet filtering is still active and unwanted traffic won’t come through, but it did allow that router to talk back and announce its existence — unlike the rest of the stoic batch.
One more big step out of the way…
Congrats on that. If you need help, I’d be glad to freelance.
Came across your blog due to the strange phenomenon that is Twitter. Glad to see other companies are actually implementing PCI standards and following through with them.
Hey Ben – just catching up on your blog, know the PCI audits are a pain so good on you.
Thanks and they certainly are. All in all it’s been 2 years of catch-up for a company that had minimal security infrastructure. While PCI got me funding for dozens of pet projects that I wanted (VPNs, perimeter firewalls, etc.), managing it and making sure the new policies are being followed is a bear all by itself.
At any rate, it’s great resume fodder should I want to grow in the infosec realm (which I do).