I have a hosted 2008 R2 web server that I need to make PCI compliant. This server will process credit card transactions so I am running the external vulnerability scans against it. Below are the results from the most recent scan. Below you will also see the remaining enabled firewall rules.
In response to the scan results below, I disabled all core networking and networking rules in the firewall. I am not sure how much this may or may not of taken care of yet b/c a new scan takes 24-72 hours to get done.
I need to make sure I have removed all of these vulnerabilities and would like some advice on how to go about doing that. I think I am close, I just need a little more help.