The Core

Why We Are Here => Hardware & Technology => Topic started by: Rupert on March 30, 2011, 03:37:57 PM

Title: internal network scanners
Post by: Rupert on March 30, 2011, 03:37:57 PM
For the bank, we have to be PCI compliant. It's all a load of red tape and corporate fraud, but I have just about jumped through all the hoops, except I now need to be able to scan my home network once a quarter, and produce a report to say that the network is clean with no vulnerabilities.


Now I have done a little digging into this, and as they do not specify what a vulnerability is, I think I am at this stage fairly free as to how I do this. It seems most of the network scanning software out there that ranks is aimed at the corporate environment. Anyone any ideas as to how to do it cheaply?

Is there software out there for the small business that you can recommend?



Title: Re: internal network scanners
Post by: Rupert on March 30, 2011, 03:47:23 PM
Ok found

Newt  http://www.komodolabs.com/newtpro_download.shtml


Spiceworks http://www.spiceworks.com/

and

http://www.netscantools.com/nstbasicmain.html

No idea what I am looking at in any of these. If anyone has experience, then help appreciated. Otherwise testing starts soon.
Title: Re: internal network scanners
Post by: ergophobe on March 30, 2011, 05:45:21 PM
I thought you were merely required to be running anti-virus/anti-malware on your client end

(I'm assuming this is an e-commerce setup, you're not storing CC numbers and you're not actually running a credit card machine through this home network, but just connecting to your site to download orders).


Tom
Title: Re: internal network scanners
Post by: jetboy on March 30, 2011, 07:18:57 PM
Kinda grey, but try http://www.tenable.com/products/nessus

Nessus is pretty much industry standard, and you can essentially use it free for home use by signing up to Homefeed. Also excellent for scanning your web servers.
Title: Re: internal network scanners
Post by: Rupert on March 30, 2011, 08:06:46 PM
Thx Jetboy, will look at that. 

ergophobe. Yes 95% of all transactions go through my payment gateway.  Unfortunately about 3 times a week, I take a Credit card over the phone, and use a virtual terminal on The Gateway website (we use Secure Trading)

Because of that I have had to fill out a 12 page list of questions, I have to have my personal IP address scanned every quarter and pay for it using an "approved supplier"   and have to scan my internal network every quarter. 

Now as far as I can see, the only difference between a customer filling out their CC details on an https secure site, and me putting them into the virtual terminal, is that in this case I do it with someone else's card.
Title: Re: internal network scanners
Post by: Rupert on March 31, 2011, 06:43:15 AM
Jetboy, that's $1200 per year unfortunately.


Newt scans and reports on the network, but does not seem to specifically pick out vulnerabilities.
But I have found in digging an amazing resource of best free security software. About 10 I have used for removing malware, but this list is endless, and goes into every aspect of security. Worth a bookmark.

http://www.techsupportalert.com/content/probably-best-free-security-list-world.htm
Title: Re: internal network scanners
Post by: Rupert on March 31, 2011, 02:15:28 PM
Ok, this does the job free for 5 ip addresses:

http://www.gfi.com/lannetscan
Title: Re: internal network scanners
Post by: jetboy on March 31, 2011, 05:24:25 PM
@Rupert: Free for home use though, hence the comment about it being a bit of a grey area, as it's your home network, but your reason for wanting it is for business use.
Title: Re: internal network scanners
Post by: Rupert on March 31, 2011, 06:27:38 PM
Ah thx, I missed that bit :)
Title: Re: internal network scanners
Post by: ergophobe on April 05, 2011, 08:48:24 PM
>>Unfortunately about 3 times a week, I take a Credit card over the phone,

Almost afraid to say this publicly... we do this with Paypal Virtual Terminal and they don't require anything except an SSL (or TLS really I suppose) connection and that you be logged into your account. I have anti-virus and anti-malware scanning software, but I don't recall Paypal requiring it.

I just built a site for someone with the ability to create a customer order, so he effectively orders over the website, entering in the customer payment and shipping info, just as if the customer were doing it himself. Again, using Paypal and so far they have not placed any requirements on him for his home network - we have malware scanning and monthly scans on the server for PCI issue compliance (at least in theory, I don't handle this) - but nothing on the home network end.
Title: Re: internal network scanners
Post by: Rupert on April 06, 2011, 08:51:23 AM
Never thought of that....
That has nothing to do with my Bank, so they could not specify it. Had a chat with a very helpful chap at GFI LANguard, who explained what I needed, so solved for now. I just run a scan every 3 months.