Viewing posts tagged SMB

I Have Vulnerabilities On My LAN. So What?!

During the course of my penetration testing engagements (where I pretend I'm a malicious user and attempt to do naughty things on the network), I usually see or detect many vulnerabilities that are typically not found on the public internet. These vulnerabilities range from a small information disclosure (yawn) to full remote code execution (OH YES!) and of course everything in between. As a good security professional, my recommendations are to fix every single vulnerability found. This would exclude vulns that exist due to a specific business need, such as legacy systems or applications, or other legitimate reasons. When I suggest that we fix all of them, I often receive pushback from IT staff and sometimes even the stakeholders.

Read More




Self-Assessment Questionnaire C-VT Explained

With the newest version of the PCI DSS came a new SAQ type - SAQ C-VT. This particular SAQ form is geared toward a special branch of merchant. Even though SAQ C-VT qualifying merchants use the Internet to process credit card data, they do it in such a way that most of the responsibility of security is off-loaded to a third party. In order to qualify for SAQ C-VT, merchants must use a third party virtual terminal to process all credit card transactions.

Read More


Self-Assessment Questionnaire B Explained

Self-Assessment Questionnaire B is probably the most popular of all the SAQ types provided by the PCI SSC. SAQ B applies to the majority of small business retail stores. SAQ B applies to the most basic and traditional methods of processing credit card payments. It basically addresses the simplest processing methods, from old style card imprint machines to the basic telephone dial-up card terminals. With only a few more requirements over what is needed for SAQ A, SAQ B is a simple and straight forward questionnaire for reporting your PCI compliance.

Read More

GET IN TOUCH

Call us at (214) 556-6613 or   CONTACT US