We would like to access the web portal of our new Netonix switches using SSL, but our Qualys PCI scanner is detecting multiple PHP and OpenSSL vulnerabilities (attached image).
Currently, we are running v1.4.8rcX. Are there any solutions to getting our equipment in compliance with PCI, other than shutting off the web services?
PCI Compliance - v1.4.8rcX
- tylerapp
- Member
- Posts: 1
- Joined: Tue Oct 17, 2017 2:00 pm
- Has thanked: 0 time
- Been thanked: 0 time
-
mike99 - Associate
- Posts: 837
- Joined: Tue Nov 25, 2014 10:53 am
- Location: Quebec, Canada
- Has thanked: 95 times
- Been thanked: 245 times
Re: PCI Compliance - v1.4.8rcX
Best practice would be to use a management VLAN not accessible to users.
-
sirhc - Employee
- Posts: 7416
- Joined: Tue Apr 08, 2014 3:48 pm
- Location: Lancaster, PA
- Has thanked: 1608 times
- Been thanked: 1325 times
Re: PCI Compliance - v1.4.8rcX
Or you can use an access list on the switch so only certain IPs can access web interface or CLI. This security feature is in the UI.
Or you can cheat and simply block their scanning IPs
Support is handled on the Forums not in Emails and PMs.
Before you ask a question use the Search function to see if it has been answered before.
To do an Advanced Search click the magnifying glass in the Search Box.
To upload pictures click the Upload attachment link below the BLUE SUBMIT BUTTON.
-
sakita - Experienced Member
- Posts: 206
- Joined: Mon Aug 17, 2015 2:44 pm
- Location: Arizona, USA
- Has thanked: 93 times
- Been thanked: 80 times
Re: PCI Compliance - v1.4.8rcX
Any plans to update the PHP version in a future firmware release? That seems to be mostly what Qualys is picking up.
I see this in a few different ways. Those are all good suggestions - good practice to limit access. Identified vulnerabilities should be patched (e.g. update the version of software components). Also, realize that there will always be vulnerabilities, which is why there are multiple layers to security (e.g. including secure connections for financial transactions).
Today is an average day: Worse than yesterday, but better than tomorrow.