PCI DSS 11.2.2 – ASV Scan Interference and Inconclusive scans
http://ePaymentCardIndustry.com – Customers can deploy active protection devices which can interfere with an ASV scan of all their in-scope Internet-facing network devices. This video discusses scan interference, inconclusive scans, how to resolve these scan issues. Inconclusive scans are reported by the ASV as FAILED scans.
0:13 – What is an inconclusive scan?
0:23 – What is scan interference?
1:01 – Definition of scan interference
1:37 – What is an active protection system?
1:47 – Intrusion Prevention System that drops traffic based on previous behavior
2:17 – Web application firewall blocks traffic based on events
2:41 – firewall blocks detected port scans
2:53 – Next generation firewall blocking IP address ranges
3:25 – Quality of Service device
3:46 – SPAM filter
4:38 – Exception 1: Intrusion Detection System
4:54 – Exception 2: Intrusion Prevention System blocks specific attacks
5:42 – Exception 3: web application firewall blocks SQL injection attack
5:57 – Exception 4: firewall always blocks some ports and always allows other ports
6:18 – Exception 5: VPN server only allows authorized access
6:42 – Exception 6: anti-virus software blocking attacks
7:11 – Exception 7: Logging & monitoring tools
7:37 – How do we resolve inconclusive scans?
8:07 – Why reconfigure systems?
8:34 – No active protection device at customer location?
9:18 – Alternate methods to complete ASV scan
10:05 – Inconclusive scans = FAILED scans
10:17 – Recap issues discussed
atoll logiciel
Thanks for sharing. Nice explanation.