PCI Compliance Port Scans

During our PCI compliance scan, we show as having two ports open for remote access.

8081 for Web Help Desk
8040 for Screen Connect

These are both web based apps that are open to my public address.

Is there a way to secure these ports to avoid failing compliance? My thought is to segregate them.

Best
OnsiteComputerDoctor asked:

btan, Exec Consultant, commented:
Ensure SSL/TLS is up, or minimally some sort of VPN such as IPsec, for access to these ports. Data in transit should not be in plain. If SSL is used, go for TLS 1.2 if possible. Ensure data in storage and in use is encrypted, especially that with your credit card and personal details. Best that the scope of data access is managed and refrain from sending over to the public in plain. The lesser the scope of where such data touches, the lesser the priority to ensure protection is robust and adequate. PCI checks look out for 'naked' information running or served to the client user in the whole process.

IP whitelisting will be good at the FW or via a reverse proxy filter fronting the server. As mentioned, NAT will also hide the internal IP addressing. I also suggest exploring an application delivery controller such as F5 LTM and ASM with web application FW capabilities to fend off web attacks.
1
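As an added illustration of the reverse-proxy approach described in the answer above (this is not configuration from the thread, the products or their vendors), here is an nginx front end that terminates TLS 1.2+ for both web apps and applies a source-IP allowlist before proxying to them. Hostnames, certificate paths, internal addresses and allowed networks are constructed placeholders; the apps themselves are assumed to bind only on the internal network once the proxy is in place.

```nginx
# Added example (not from the original thread): nginx reverse proxy fronting
# Web Help Desk (8081) and ScreenConnect (8040). All names and addresses below
# are constructed placeholders.

# Web Help Desk behind TLS with a source-IP allowlist
server {
    listen 443 ssl;
    server_name helpdesk.example.com;                        # placeholder hostname

    ssl_certificate     /etc/ssl/certs/helpdesk.example.com.pem;   # placeholder path
    ssl_certificate_key /etc/ssl/private/helpdesk.example.com.key; # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;                     # no SSLv3 / TLS 1.0 / TLS 1.1
    ssl_prefer_server_ciphers on;

    # Allowlist: only these source networks reach the app; everyone else gets 403.
    allow 203.0.113.10;        # constructed example: office egress address
    allow 198.51.100.0/24;     # constructed example: support VPN pool
    deny  all;

    location / {
        proxy_pass http://10.0.0.21:8081;                    # placeholder internal host
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
    }
}

# ScreenConnect web interface, same policy
server {
    listen 443 ssl;
    server_name remote.example.com;                          # placeholder hostname

    ssl_certificate     /etc/ssl/certs/remote.example.com.pem;     # placeholder path
    ssl_certificate_key /etc/ssl/private/remote.example.com.key;   # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    allow 203.0.113.10;        # constructed example
    allow 198.51.100.0/24;     # constructed example
    deny  all;

    location / {
        proxy_pass http://10.0.0.22:8040;                    # placeholder internal host
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        # WebSocket upgrade headers, in case the app uses them behind the proxy
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

# Plain HTTP is only used to redirect to HTTPS, so nothing is served in the clear.
server {
    listen 80;
    server_name helpdesk.example.com remote.example.com;
    return 301 https://$host$request_uri;
}
```

With this in place the public address should expose only 443 (and 80 for the redirect) on the proxy; the firewall forwards for 8081 and 8040 are removed, so an external scan no longer sees those application ports at all, and the `allow`/`deny` block enforces the whitelist for whatever does reach the proxy.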
Luke Smith, Senior Manager, Production Engineering, commented:
If you are scanning a router or firewall, you can put an ACL in place to only allow access to those ports via specific IP addresses, or if they aren't needed then you could disable the ports. LAN segmentation is also an option, but if you are doing NAT and the scanning IP isn't changing then the ACL is the better option.
1
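The ACL suggestion above, as an added example that is not part of the thread, written for a Linux host or gateway using nftables: the function builds a ruleset that accepts TCP 8081 and 8040 only from an allowlist of source addresses and drops everything else to those ports. The allowed addresses are constructed placeholders from the documentation ranges; the `pci_remote` table name is also an assumption.

```shell
#!/bin/sh
# Added example (not from the original thread): generate an nftables ruleset
# that restricts the two remote-access ports to an allowlist of source IPs.
# Addresses are constructed placeholders (TEST-NET ranges), not real hosts.
ALLOWED_SOURCES="203.0.113.10 198.51.100.0/24"
REMOTE_PORTS="8081 8040"

# Print the ruleset to stdout. Apply it with:  gen_ruleset | sudo nft -f -
# Check syntax without applying:              gen_ruleset | sudo nft -c -f -
gen_ruleset() {
  sources=$(printf '%s' "$ALLOWED_SOURCES" | tr ' ' ',')
  ports=$(printf '%s' "$REMOTE_PORTS" | tr ' ' ',')
  cat <<EOF
table inet pci_remote {
  chain input {
    type filter hook input priority 0; policy accept;
    # keep replies to connections the host itself opened
    ct state established,related accept
    # allowlisted sources may reach the two application ports
    tcp dport { $ports } ip saddr { $sources } accept
    # everyone else is dropped on those ports (counter makes blocked hits visible)
    tcp dport { $ports } counter drop
  }
}
EOF
}

# Return 0 if a given source address is on the allowlist, 1 otherwise; handy
# for checking a candidate scanner or office address before applying the rules.
is_allowed() {
  for s in $ALLOWED_SOURCES; do
    [ "$1" = "$s" ] && return 0
  done
  return 1
}

gen_ruleset
```

The chain keeps the default policy at accept, so only the two named ports are affected and other services on the host are untouched; `nft list table inet pci_remote` afterwards shows the counter on the drop rule, which is a quick way to see how often unlisted sources are still probing those ports.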
OnsiteComputerDoctor (Author) commented:
Thanks for your input!!!!
0