Solved

PCI Compliance Network Scan Penetration Test

Posted on 2014-10-14
Last Modified: 2015-01-11
Working with dentists, chiropractors, CPAs and other financial planners... some as low as 3 desktops and 1 server, up to 39 desktops and 2 servers.

I am in need of a penetration test that won't break the bank.

Been calling all day and they range from $5,000 and up.

Cjoego
0
Question by:Joseph Salazar
6 Comments
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40381530
Have you looked at the approved list of PCI scanning companies?  https://www.pcisecuritystandards.org/approved_companies_providers/approved_scanning_vendors.php
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40381575
Those guys doing pen tests are usually highly trained security experts. It is normal that those charge you at the very least 1000USD per person per day. What figures did you expect, if I may ask?
0
 

Author Comment

by:Joseph Salazar
ID: 40391289
Will be checking out the list this week.

I have small clients with between 5-25 PCs, and I am wishing to start a security marketing campaign and needed a cheap scanning company or scanner itself to check a network before and after my install.

Cjoego
0

 
LVL 1

Accepted Solution

by:
Ahmed Amin Ahmed earned 500 total points
ID: 40519126
Instead of going for penetration testing, which is actually very expensive, you may go for a vulnerability assessment/security assessment using automated tools available in the market.

e.g.
1- Nessus - http://www.tenable.com/products/nessus
2- GFI LanGuard - http://www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard
3- Nexpose - http://www.rapid7.com/products/nexpose/

Or you may go to freelancers' websites and hire a cheap penetration tester:
www.freelancer.com, or Elance.com

Ahmed Amin
0
 
LVL 53

Expert Comment

by:McKnife
ID: 40520812
Having a third party evaluate your security is not the same as doing it yourself - no matter what tools you use, no matter if you are good or not. You should have someone else do it.

cjoego, any feedback? This question is growing old.
0
 

Author Closing Comment

by:Joseph Salazar
ID: 40543408
Thank you for all of your responses.

We signed up with Rapid7 and it does a fantastic job.

Cjoego
0
