PCI Compliance Port Scans

During our PCI compliance scan, we show as having two ports open for remote access.

8081 for Web Help Desk
8040 for Screen Connect

These are both web-based apps that are open to my public address.

Is there a way to secure these ports to avoid failing compliancy? My thought is to segregate them.

Best
OnsiteComputerDoctor Asked:

Luke Smith, Senior Manager, Production Engineering, Commented:
If you are scanning a router or firewall, you can put an ACL in place to only allow access to those ports via specific IP addresses, or if they aren't needed then you could disable the ports. LAN segmentation is also an option, but if you are doing NAT and the scanning IP isn't changing then the ACL is the better option.
1
btan, Exec Consultant, Commented:
Ensure SSL/TLS is up, or minimally some sort of VPN such as IPsec, for access to these ports. Data in transit should not be in plain. If SSL is used, go for TLS 1.2 if possible. Ensure data at store and in use are encrypted, especially those with your credit card and personal details. It is best that the scope of data access is managed, and refrain from sending data over to the public in plain. The lesser the scope of where such data touches, the lesser the priority to ensure protection is robust and adequate. PCI checks look out for 'naked' information running or being served to the client user in the whole process.

IP whitelisting will be good at the FW or via a reverse proxy filter fronting the server. As mentioned, the NAT will hide the internal IP addressing too. I also suggest exploring an application delivery controller such as F5 LTM and ASM with web application FW capabilities to fend off web attacks.
1
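
The source-IP ACL suggested in both comments above can be checked before the next scan with a small first-match rule model. This is an added example, not code from the thread or from any firewall vendor. The rule format, the `decide` and `exposed_ports` helpers, and all addresses (documentation prefixes) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rule sets: first match wins, implicit default deny.
# 203.0.113.0/28 stands in for the trusted admin range (a documentation
# prefix, not a value from the thread).
WEAK_RULES = [
    {"action": "accept", "src": "0.0.0.0/0", "dport": 8081},
    {"action": "accept", "src": "0.0.0.0/0", "dport": 8040},
]
HARDENED_RULES = [
    {"action": "accept", "src": "203.0.113.0/28", "dport": 8081},
    {"action": "accept", "src": "203.0.113.0/28", "dport": 8040},
    {"action": "drop", "src": "0.0.0.0/0", "dport": 8081},
    {"action": "drop", "src": "0.0.0.0/0", "dport": 8040},
]

def decide(rules, src_ip, dport):
    """Return the action of the first rule matching src_ip/dport, else 'drop'."""
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["dport"] == dport and addr in ipaddress.ip_network(rule["src"]):
            return rule["action"]
    return "drop"  # default deny when nothing matches

def exposed_ports(rules, ports, allowlist, probes):
    """List (port, probe) pairs where a source outside the allowlist is accepted."""
    nets = [ipaddress.ip_network(n) for n in allowlist]
    findings = []
    for port in ports:
        for probe in probes:
            outside = not any(ipaddress.ip_address(probe) in n for n in nets)
            if outside and decide(rules, probe, port) == "accept":
                findings.append((port, probe))
    return findings

PORTS = [8081, 8040]            # Web Help Desk, Screen Connect
ALLOWLIST = ["203.0.113.0/28"]  # constructed admin range
PROBES = ["198.51.100.7", "192.0.2.50", "203.0.113.5"]  # last one is allowlisted

if __name__ == "__main__":
    for name, rules in (("weak", WEAK_RULES), ("hardened", HARDENED_RULES)):
        print(name, exposed_ports(rules, PORTS, ALLOWLIST, PROBES))
```

An empty findings list for the hardened set means no probe outside the allowlist is accepted on either port, while the allowlisted address still gets through.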

OnsiteComputerDoctor (Author) Commented:
Thanks for your input!!!!
0