This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.
Course Of The Month
4 days, 23 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
PCI Compliance Certification and FortiManager
Posted on 2014-11-20
My company is in the final stages of acquiring a PCI Compliance certification. We're one scanned tested away from obtaining this however the scans that are failing has traffic being directed to a FortiManager appliance. The appliance is a VM, running on a Gen8 HP BL460 blade server with ESXi 5.0 as the Hypervisor. Per Fortinet, the ports that are required to run are 22, 443, 6022, 6023, 53, 123, 514, 541, and 161. Initially we had a full PAT from our external IP address to the internal IP address and so the vulnerability scan was picking up other vulnerabilities. I setup firewall objects for each port and rewrote the policy to pass traffic on those ports only. The scan comes back and and says that we're still failing on 22 and 443, which are secure, right? Our FortiManager appliance is running at 5.0.6 currently. There ARE newer versions of firmware which I'm not going to ignore as an option, but I want to be certain this is going to resolve my issue before spending the time to update the appliance. Fortinet's technical support hasn't been much help, ironically, although I suspect the issue their is a matter of customer service, not intelligence.
Has anyone had to deal with PCI compliance and Fortinet Appliances? Can someone tell me that fix for this is just to upgrade the appliance's firmware? Any help would be appreciated.
Has anyone had to deal with PCI compliance and Fortinet Appliances? Can someone tell me that fix for this is just to upgrade the appliance's firmware? Any help would be appreciated.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
1 Comment
Active today
You need to see the error in specific to 22 and 443. The port does not mean secure and compliant, my take on possible area
a) clear traffic still go through like any other port though it should be implementing proper key exchange and encryption or even the expected protocol services
b) use of weak crypto cipher in 22 and 443
c) unpatched or vulnerable services in 22 and 443
d) trigger signature of exploits existence or matched in scanner db
e) false positive
a) clear traffic still go through like any other port though it should be implementing proper key exchange and encryption or even the expected protocol services
b) use of weak crypto cipher in 22 and 443
c) unpatched or vulnerable services in 22 and 443
d) trigger signature of exploits existence or matched in scanner db
e) false positive
Featured Post
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses
Course of the Month4 days, 23 hours left to enroll
688 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.