This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASG 220 - 7.511 - Vulnerability Scan - PCI Compliance

As part of our migration to a new credit card processing service - the vendor required a Vulnerability Scan to be run against our firewall (ASG 220 - 7.511).

The ASG almost escaped unscathed - other than an issue with SSLv2 (tcp/3400). Apparently our ASG220 accepted a SSLv2 connection. SSLv2 has some known "cryptographic weaknesses" that make it no PCI compliant. Obviously this is an old protocol...

Not sure if this is configurable - or has been resolved in newer firmware/updates (we tend to lag a bit behind the "bleeding edge" on updates).

A secondary issue also was flagged - in that the "System Responds to SYN+FIN TCP Packets"...

Any thoughts or suggestions.

This thread was automatically locked due to age.

Parents

0 BarryG over 13 years ago

BTW, if the above didn't help and you you need to 'fix' the SSL issue for the scan,

1. remove the ANY or Internet definition from 'Allowed Networks' for webadmin, and add in your admin networks.

2. do the same for the end-user portal, or disable it

3. you may also need to disable the SSL VPN.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 13 years ago

BTW, if the above didn't help and you you need to 'fix' the SSL issue for the scan,

1. remove the ANY or Internet definition from 'Allowed Networks' for webadmin, and add in your admin networks.

2. do the same for the end-user portal, or disable it

3. you may also need to disable the SSL VPN.

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data