Solved

SBS2003 - PCI Compliance

Posted on 2014-10-14
3
182 Views
Last Modified: 2014-11-14
As a result of a PCI compliance scan, it is required "to create another logon in front of the existing logon to get a dual logon" for OWA.    We are running 2003SBS, using Exchange, IISv6 and use OWA for remote email access and OWA/Activesync for smart phone access to the Exchange email.

Any thoughts on a solution?
0
Comment
Question by:howmad2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 36

Accepted Solution

by:
Kimputer earned 500 total points
ID: 40380947
Shutdown external web access. Now create extra logins for every user, assign VPN rights.
Now every user has to use VPN (only the new user/password) works. Continue to use the services as before (using internal ip numbers). A bit more difficult to work with as before but that's probably the whole point of this PCI exercise.
Also power drain for those smartphones (always VPN on).
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 40389429
I am by no means a compliance officer, but it is my understanding that end of life software such as Exchange 2003, is a possible violation in of itself.
0
 

Author Closing Comment

by:howmad2
ID: 40442866
Excellent
0

Featured Post

IoT Devices - Fast, Cheap or Secure…Pick Two

The IoT market is growing at a rapid pace and manufacturers are under pressure to quickly provide new products. Can you be sure that your devices do what they're supposed to do, while still being secure?

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Here's a look at newsworthy articles and community happenings during the last month.
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question