The ever-looming threat of PCI compliance seems to have come to fruition.
For those of you wondering what PCI compliance is: PCI (Payment Card Industry) is a security standard that your internet-facing services must adhere to in order to be deemed compliant. https://www.pcisecuritystandards.org/
The excitingly named penetration test is part of PCI compliance. It probes all open ports on your external IP address and tries to locate any vulnerabilities: it looks at a port, works out what kind of server is listening on it (e.g. SMTP), checks it for known vulnerabilities and, where possible, verifies that it is using the most secure implementation of the protocol available.
The not-so-exciting part of all this is that banks are now insisting that any site which processes credit/debit card transactions attains PCI compliance.
When your penetration test is complete, a report is generated listing the vulnerabilities that need resolving. We have had great success in helping a number of our customers attain PCI compliance. One common issue relates to SSL in IIS and the level of security it offers; these Microsoft articles cover it:
http://support.microsoft.com/kb/q218180/
http://support.microsoft.com/kb/187498
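As an added example (not part of the original post), the script below audits the Schannel registry keys that control which protocol versions IIS will negotiate and can explicitly switch a legacy version off, so you can catch this finding internally before the external scan reports it. It assumes an elevated PowerShell session on the IIS host; the protocol list and the choice of which versions to flag are this example's assumptions.

```powershell
# Added example (not from the original post): audit the Schannel protocol
# settings that IIS inherits, so an internal check can flag legacy SSL
# versions before the external PCI scan does. Run in an elevated PowerShell
# on the IIS host. The registry path is the documented Schannel location;
# the protocol list and the "flag these" selection are this example's assumptions.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelServerProtocolState {
    # Returns one object per protocol describing whether the server side is enabled.
    param([string[]]$Protocols = @('PCT 1.0', 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocols) {
        $key = Join-Path $base "$p\Server"
        $enabled = $null; $disabledByDefault = $null
        if (Test-Path $key) {
            $props = Get-ItemProperty -Path $key
            $enabled = $props.Enabled
            $disabledByDefault = $props.DisabledByDefault
        }
        # No key (or no Enabled value) means Windows applies its built-in default for that version.
        $status = if ($null -eq $enabled) { 'OS default' } elseif ($enabled -eq 0) { 'Disabled' } else { 'Enabled' }
        [pscustomobject]@{
            Protocol          = $p
            KeyPresent        = Test-Path $key
            Enabled           = $enabled
            DisabledByDefault = $disabledByDefault
            Status            = $status
        }
    }
}

function Disable-SchannelServerProtocol {
    # Writes the registry values that turn a protocol off server-side; takes effect after a reboot.
    param([Parameter(Mandatory = $true)][string]$Protocol)
    $key = Join-Path $base "$Protocol\Server"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    Set-ItemProperty -Path $key -Name 'Enabled' -Value 0 -Type DWord
    Set-ItemProperty -Path $key -Name 'DisabledByDefault' -Value 1 -Type DWord
}

# Report the current state, then warn about legacy versions that are not explicitly disabled.
Get-SchannelServerProtocolState | Format-Table -AutoSize
Get-SchannelServerProtocolState -Protocols @('PCT 1.0', 'SSL 2.0', 'SSL 3.0') |
    Where-Object { $_.Status -ne 'Disabled' } |
    ForEach-Object { Write-Warning "$($_.Protocol) is not explicitly disabled on the server side" }
```

Run `Disable-SchannelServerProtocol -Protocol 'SSL 2.0'` (and so on for each flagged version) to apply the fix, then reboot and re-run the audit before requesting a rescan.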
If you need any help attaining PCI compliance, get in touch and we can help.
Good Luck.