PCI DSS Scanning Advice


I’m looking for some advice and information on Internal PCI scanning.

I have installed Greenbone Virtual Appliance (OpenVAS) to pass internal PCI scanning. I have spent a long time searching (and failing) to find what ports I need to scan in order to pass the PCI DSS 3.2.1 requirements. I can scan all 65k TCP & UDP ports, but that scan takes days to complete and is not practical.

Do I need to scan all ports, or can I scan all IANA TCP & UDP ports?

All comments and input are welcome.

Thank you

You need to cover at least all TCP ports. But keep in mind, you need the GSF for PCI self-assessments; the community feed does not cover many enterprise products.


Hi Lukas,

Thank you for your reply it has been very helpful.

I have reached out to Greenbone support, who have put me in touch with a company to purchase a GSF key. However, they have confused me: they are saying that I need to purchase the GSM One and a GSF key.

I thought the purpose of the Virtual Appliance trial is that you can use it for free on your own hardware and purchase a GSF key at a later date? I assumed it would work the same as when Greenbone support provide a trial GSF key and you upload it into the VM.

Are you able to confirm if my understanding is correct?

Thank you

The feed does not work and is not supportable without a “virtual appliance”. Only with GOS can we assure that all features from the feed can be utilized for policy and compliance scanning. There are millions of dysfunctional, uncoordinated packages out there, which makes it impossible to support GSF customers. You can beam your data from a trial to a GSM One or bigger.
