PCI Compliance Request
I have one client on a server that annually gets a PCI scan from a third party. And this third party scan says there are vulnerabilities on several ports. The tech person for the client is saying the scan indicates the following changes need to be made:
21 " change FTP to SFTP or FTPS (secure)
25 " convert port to 465 (SSL-secured)
110 " convert POP port to SSL-secured 995
143 " convert IMAP port to SSL-secured 993
587 " SMTP alternate port closed or converted to 465
I have never seen a PCI compliance request like this. It seems very disruptive to all the other clients who may be using these services. Has anyone else seen this and if so, how have you dealt with it?
-
Hello :) Could you have them provide you with the full PCI compliance report as opposed to just the suggested resolutions? This should help pinpoint what changes can be made. Thank you. 0 -
Hi - We had to do this too. And once you've closed the non-SSL ports, the scan will probably indicate that SSLv3 is being accepted, so you'll have to disallow it and only allow TLS with high-grade ciphers. This prevents the POODLE attack. This will require all email clients to switch their SMTP and POP/IMAP ports. Unfortunately, some email clients, like folks with older Mac Mail, don't support TLS, so they'll be locked out. Another solution is to offload the mail server onto another machine, where it isn't subject to PCI requirements. 0 -
"Could you have them provide you with the full PCI compliance report as opposed to just the suggested resolutions? This should help pinpoint what changes can be made." I now have the complete PCI compliance report. But the mystery continues. I am told the client has had their PCI compliance approved for the year, in spite of the failures indicated in the scan. So, at least for now, the issue is moot. This happened last year as well when only OpenSSH was an issue and I provided information that OpenSSH was current and secure in spite of what the scan said. 0
Please sign in to leave a comment.
Comments
3 comments