
Issues with PCI compliance and being a small company.

Asked by techitch2 (United States of America)
Tags: OS Security, Security
My accounting department set up a credit card merchant account without my knowledge. I was getting Trustwave scan notices but they were going into my junk mail for a while. I just so happened to examine one of these "junk" mails one day and with a little digging found out that we were in fact signed up to process CC with a merchant account and were subject to the PCI compliance scans. We used to have a swipe machine that ran on an analog phone line and apparently it was too much work for accounting to get up from their desks to use the swipe machine for the 5 to 8 credit cards we get a month. We do not store any CC information here. It is basically just run through a website. So once I realized what was going on we had been failing scans for a while. I initially fixed the issues we were failing for. One issue with our VPN and another with my remote access to my firewall which I had to close. I also have been noticing I fix one thing and get a good scan and then the next scan they nit pick about something else... and so on. It seems never ending. Now we are right back to failing again for issues related to remote desktop/terminal server I believe.

1. TLSv1.0 Supported:  This service supports the use of the TLSv1.0 protocol. The TLSv1.0 protocol has known cryptographic weaknesses that can lead to the compromise of sensitive data within an encrypted session. Additionally, the PCI SSC and NIST have determined that the TLSv1.0 protocol no longer meets the definition of strong cryptography.

2. SSL/TLS Weak Encryption Algorithms: The SSL-based service running on this host appears to support the use of "weak" ciphers such as:
- Cipher suites that have key lengths of less than 128 bits.
- Cipher suites using anonymous Diffie-Hellman algorithms (no authentication).
- Cipher suites offering no encryption.
- Cipher suites using pre-shared keys.
- Cipher suites using RC4 or MD5.

3. (Has shown up in the latest scan). Insecure Certificate Signature Algorithm in Use: This finding indicates that SHA-1 and/or MD5 hashing algorithms have been detected during your scan.

These are showing up for ports that I have for machines that are being used for remote desktop & my terminal server. I have been reading and from what I see if I were to alter TLSv1 then remote desktop will no longer work. This is no good. We have remote offices who remote into my servers to do business. If these are known issues is Microsoft going to patch or correct these issues? Or does anyone know how I can remedy these 3 issues while keeping my terminal servers available? I see that there are third party companies that will handle CC transactions but they charge a fee on top of the fee we are already being charged for accepting a CC. How do small companies that only get a handful of CC a month do this? If anyone has any information on how I can clear any of these three issues it would be much appreciated.
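To see exactly what the scanner sees on a terminal server port before and after a change, here is an added Python probe that mirrors findings 1 and 2 (TLSv1.0 offered, weak cipher suites accepted). It is not code from the question, the answers or Trustwave; it assumes Python 3.7+ with an OpenSSL build that still speaks the legacy protocols, and for RDP ports it performs the X.224/RDP_NEG_REQ exchange that Remote Desktop requires before TLS starts, so a bare TLS hello on 3389 is not mistaken for "not supported".

```python
import socket
import ssl

# X.224 Connection Request + RDP_NEG_REQ asking for PROTOCOL_SSL|PROTOCOL_HYBRID.
# RDP starts TLS only after this exchange; a bare TLS hello on 3389 is refused.
RDP_NEG_REQ = bytes.fromhex("030000130ee000000000000100080003000000")

def rdp_accepts_tls(response: bytes) -> bool:
    """True when the Connection Confirm carries RDP_NEG_RSP (type 0x02), not an
    RDP_NEG_FAILURE (0x03) or a legacy 'no security negotiation' reply."""
    return len(response) >= 19 and response[5] == 0xD0 and response[11] == 0x02

def weak_cipher_reasons(suite: dict) -> list:
    """suite is one SSLContext.get_ciphers() entry; returns the scan's reasons."""
    parts = set(suite["name"].upper().split("-"))
    checks = [(suite.get("strength_bits", 0) < 128, "key length < 128 bits"),
              (parts & {"ADH", "AECDH"}, "anonymous Diffie-Hellman"),
              ("NULL" in parts, "no encryption"),
              ("PSK" in parts, "pre-shared key"),
              ("RC4" in parts, "RC4"),
              ("MD5" in parts, "MD5")]
    return [reason for hit, reason in checks if hit]

def server_supports(host, port, *, version=None, cipher=None, rdp=False, timeout=5.0):
    """Does one handshake succeed with the given protocol version and/or cipher?"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE   # probing, not trusting
    ctx.set_ciphers((cipher or "ALL:eNULL") + ":@SECLEVEL=0")    # let OpenSSL offer legacy suites
    if cipher:  # TLS 1.3 ignores set_ciphers, so pin to 1.2 when testing one suite
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    if version:
        ctx.minimum_version = ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            if rdp:
                sock.sendall(RDP_NEG_REQ)
                if not rdp_accepts_tls(sock.recv(19)):
                    return False
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError, ValueError):  # ValueError: local OpenSSL lacks that version
        return False

def scan(host, port=3389, rdp=True):
    """Mirror findings 1 and 2: is TLSv1.0 accepted, and which weak suites are?"""
    probe = lambda **kw: server_supports(host, port, rdp=rdp, **kw)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers("ALL:eNULL:@SECLEVEL=0")
    candidates = [c["name"] for c in ctx.get_ciphers()
                  if c["protocol"] != "TLSv1.3" and weak_cipher_reasons(c)]
    return {"tls10": probe(version=ssl.TLSVersion.TLSv1),
            "weak_ciphers": [name for name in candidates if probe(cipher=name)]}
```

Run `scan("terminal-server.example", 3389)` from a machine outside the firewall to get the same view the scanner has; finding 3 (SHA-1/MD5 certificate signature) needs the leaf certificate parsed, which the standard `ssl` module does not expose, so check that with the certificate viewer on the server itself.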
ASKER CERTIFIED SOLUTION: schaps