PCI Compliance - v1.4.8rcX

DOWNLOAD THE LATEST FIRMWARE HERE
tylerapp
Member
 
Posts: 1
Joined: Tue Oct 17, 2017 2:00 pm
Has thanked: 0 time
Been thanked: 0 time

PCI Compliance - v1.4.8rcX

Mon Oct 23, 2017 11:38 am

We would like to access the web portal of our new Netonix switches using SSL, but our Qualys PCI scanner is detecting multiple PHP and OpenSSL Vulnerabilites (attached image).

Currently, we are running v1.4.8rcX. Are there any solutions to getting our equipment in compliance with PCI, other than shutting off the web services?
Attachments
netonix_PCI_violations.png

User avatar
mike99
Associate
Associate
 
Posts: 837
Joined: Tue Nov 25, 2014 10:53 am
Location: Quebec, Canada
Has thanked: 95 times
Been thanked: 245 times

Re: PCI Compliance - v1.4.8rcX

Mon Oct 23, 2017 12:54 pm

Best practice would be to use a management VLAN not accessible to users.

User avatar
sirhc
Employee
Employee
 
Posts: 7416
Joined: Tue Apr 08, 2014 3:48 pm
Location: Lancaster, PA
Has thanked: 1608 times
Been thanked: 1325 times

Re: PCI Compliance - v1.4.8rcX

Mon Oct 23, 2017 1:17 pm

Or you can use an access list on the switch so only certain IPs can access web interface or CLI. This security feature is in the UI.

Or you can cheat and simply block their scanning IPs
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.

User avatar
sakita
Experienced Member
 
Posts: 206
Joined: Mon Aug 17, 2015 2:44 pm
Location: Arizona, USA
Has thanked: 93 times
Been thanked: 80 times

Re: PCI Compliance - v1.4.8rcX

Tue Oct 24, 2017 2:13 pm

Any plans to update the PHP version in a future firmware release? That seems to be most what Qualys is picking up.

I see this from a few different ways. Those are all good suggestions - good practice to limit access. Identified vulnerabilities should be patched (e.g. update the version software components). Also, realize that there will always be vulnerabilities which is why there are multiple layers to security (e.g. including secure connections for financial transactions).
Today is an average day: Worse than yesterday, but better than tomorrow.

Return to Hardware and software issues

Who is online

Users browsing this forum: No registered users and 63 guests