Mailing List Archive

Credit Card Data
Hi there,

I am currently running through an audit of my estate and am trying to
find a tool that can scan the entire network and let me know where there
are any credit card details being stored.

We have a secure setup at the moment, but we are going to be
professionally audited soon and the auditors have mentioned they have a
tool/s that will perform this check for us. I simply want to run
through this procedure first to make sure there are no surprises when
they come in. I am comfortable that I know where our data is stored,
but want to ensure a user hasn't copied something somewhere they shouldn't
have!

Can Nessus help me do this either on its own or in conjunction with
a.n.other tool/s?

Regards
Pete


Pete Hill
IS Security Engineer


Sit-Up House
179-181 The Vale
London
W3 7RW

020 8600 9700
020 8328 3424

07530 892686




Pete.Hill@sit-up.tv

http://www.sit-up.tv
http://www.bid.tv
http://www.price-drop.tv
http://www.speedauction.tv



Re: Credit Card Data
Nessus, the professional version, can do this on Windows targets. You could
use the Windows file checks to do so. I believe there might even be a policy
already written up for this available for download.

On Mon, Oct 20, 2008 at 1:44 AM, Hill, Pete <Pete.Hill@sit-up.tv> wrote:

> Hi there,
>
> I am currently running through an audit of my estate and am trying to find
> a tool that can scan the entire network and let me know where there are any
> credit card details being stored.
>
> We have a secure setup at the moment, but we are going to be
> professionally audited soon and the auditors have mentioned they have a
> tool/s that will perform this check for us. I simply want to run through
> this procedure first to make sure there are no surprises when they come in.
> I am comfortable that I know where our data is stored, but want to ensure a
> user hasn't copied something somewhere they shouldn't have!
>
> Can Nessus help me do this either on its own or in conjunction with
> a.n.other tool/s?
>
> Regards
> Pete



--
Doug Nordwall
Unix, Network, and Security Administrator
You mean the vision is subject to low subscription rates?!!? - Scott Stone,
on MMORPGs

Re: Credit Card Data
Hill, Pete wrote:
> Hi there,
>
> I am currently running through an audit of my estate and am trying to
> find a tool that can scan the entire network and let me know where there
> are any credit card details being stored.
>
> We have a secure setup at the moment, but we are going to be
> professionally audited soon and the auditors have mentioned they have a
> tool/s that will perform this check for us. I simply want to run
> through this procedure first to make sure there are no surprises when
> they come in. I am comfortable that I know where our data is stored,
> but want to ensure a user hasn't copied something somewhere they shouldn't
> have!
>
> Can Nessus help me do this either on its own or in conjunction with
> a.n.other tool/s?

Hi Pete,

Yes. If you see the "Nessus Introduction" video, there is an example of
looking for credit card numbers located here: http://www.nessus.org/demos/

The original Tenable blog concerning this release is located here:
http://blog.tenablesecurity.com/2007/03/detecting_credi.html

Keep in mind we've since re-branded the "Direct Feed" to the "Professional
Feed". Another similar blog which identifies "Top Secret" and other types
of government keywords is here:

http://blog.tenablesecurity.com/2007/05/searching_for_c.html

And lastly, there was a popular blog about how as a consultant you can scan
a network for SSNs and CCNs here:

http://blog.tenablesecurity.com/2007/08/finding-sensiti.html

The current set of audit policies for Nessus Professional Feed and Security
Center users available on the Tenable Support Portal include searches for
Credit Cards, Adult Media, Corporate info such as budgets and employee lists,
financial statements, wire transfer logs, NDAs, Classified documents
(Top Secret, Secret, etc.), EDI health care data, Driver's licenses and
Social Security Numbers.

Ron Gula
Tenable Network Security

_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus