Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 189
  • Last Modified:

SBS2003 - PCI Compliance

As a result of a PCI compliance scan, it is required "to create another logon in front of the existing logon to get a dual logon" for OWA.    We are running 2003SBS, using Exchange, IISv6 and use OWA for remote email access and OWA/Activesync for smart phone access to the Exchange email.

Any thoughts on a solution?
0
howmad2
Asked:
howmad2
1 Solution
 
KimputerCommented:
Shutdown external web access. Now create extra logins for every user, assign VPN rights.
Now every user has to use VPN (only the new user/password) works. Continue to use the services as before (using internal ip numbers). A bit more difficult to work with as before but that's probably the whole point of this PCI exercise.
Also power drain for those smartphones (always VPN on).
0
 
Gareth GudgerCommented:
I am by no means a compliance officer, but it is my understanding that end of life software such as Exchange 2003, is a possible violation in of itself.
0
 
howmad2Author Commented:
Excellent
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now