DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

PCI Compliance

  • mattfletcher
  • Topic Author
  • Offline
  • New Member
  • New Member
More
13 Dec 2010 11:47 #65234 by mattfletcher
PCI Compliance was created by mattfletcher
Hello, our external IP is being tested for PCI compliance and we are failing with the following messages. Does anyone know what needs to be updated or perhaps disabled - it's a Vigor2910.

TCP 443 https 4 Synopsis : The remote service supports the use of weak SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all. Note: [More]

TCP 443 https 4 Synopsis : The remote service supports the use of anonymous SSL ciphers. Description : The remote host supports the use of anonymous SSL ciphers. While this enables an administrator to set up a [More]

TCP 443 https 4 Synopsis : The remote service supports the use of medium strength SSL ciphers. Description : The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently [More]

Please Log in or Create an account to join the conversation.

More
13 Dec 2010 12:31 #65235 by njh
Replied by njh on topic PCI Compliance
Have you got remote administration enabled or disabled?

2900Gi/v2.5.6; 2900/v2.5.6

Please Log in or Create an account to join the conversation.

  • mattfletcher
  • Topic Author
  • Offline
  • New Member
  • New Member
More
14 Dec 2010 17:21 #65253 by mattfletcher
Replied by mattfletcher on topic PCI Compliance
Disabled.

Please Log in or Create an account to join the conversation.

More
20 Dec 2010 18:46 #65327 by benji
Replied by benji on topic PCI Compliance
If its disabled and your IP is being scanned externally surely that suggests you have port 443 open and a HTTPS server behind the Draytek that is triggering the result?

Please Log in or Create an account to join the conversation.

  • mattfletcher
  • Topic Author
  • Offline
  • New Member
  • New Member
More
21 Dec 2010 10:17 #65332 by mattfletcher
Replied by mattfletcher on topic PCI Compliance
Allow management from the Internet is off

There are no ports set up on NAT

There is no DMZ defined

There are no items listed in "open ports"

I don't know where else to look. I've done a portscan from outside and it does not show 443 as open.

Please Log in or Create an account to join the conversation.

  • mattfletcher
  • Topic Author
  • Offline
  • New Member
  • New Member
More
06 Jan 2011 11:41 #65494 by mattfletcher
Replied by mattfletcher on topic PCI Compliance
Does anyone have any more ideas on this?

Please Log in or Create an account to join the conversation.

Moderators: Sami