[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 191
  • Last Modified:

SBS2003 - PCI Compliance

As a result of a PCI compliance scan, it is required "to create another logon in front of the existing logon to get a dual logon" for OWA.    We are running 2003SBS, using Exchange, IISv6 and use OWA for remote email access and OWA/Activesync for smart phone access to the Exchange email.

Any thoughts on a solution?
0
howmad2
Asked:
howmad2
1 Solution
 
KimputerCommented:
Shutdown external web access. Now create extra logins for every user, assign VPN rights.
Now every user has to use VPN (only the new user/password) works. Continue to use the services as before (using internal ip numbers). A bit more difficult to work with as before but that's probably the whole point of this PCI exercise.
Also power drain for those smartphones (always VPN on).
0
 
Gareth GudgerCommented:
I am by no means a compliance officer, but it is my understanding that end of life software such as Exchange 2003, is a possible violation in of itself.
0
 
howmad2Author Commented:
Excellent
0

Featured Post

The Lifecycle Approach to Managing Security Policy

Managing application connectivity and security policies can be achieved more effectively when following a framework that automates repeatable processes and ensures that the right activities are performed in the right order.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now