PCI Compliance Port Scans

OnsiteComputerDoctor used Ask the Experts™
During our PCI compliance scan, we show as having two ports open for remote access.

8081 for Web Help Desk
8040 for Screen Connect

These are both web-based apps that are open to my public address.

Is there a way to secure these ports to avoid failing compliancy?  My thought is to segregate them.

Luke Smith, Senior Manager, Production Engineering
If you are scanning a router or firewall, you can put an ACL in place to only allow access to those ports via specific IP addresses, or if they aren't needed, you could disable the ports. LAN segmentation is also an option, but if you are doing NAT and the scanning IP isn't changing, then the ACL is the better option.
Exec Consultant
Distinguished Expert 2018
Ensure SSL/TLS is up, or minimally some sort of VPN such as IPsec, for access to these ports. Data in transit should not be in plain. If SSL is used, go for TLS 1.2 if possible. Ensure data at store and in use are encrypted, especially those with your credit card and personal details. Best that the scope of data access is managed, and refrain from sending over to public in plain. Lesser scope of where such data touches, lesser priority to ensure protection is robust and adequate. PCI checks look out for 'naked' information running or serving to client user in the whole process.

IP whitelisting will be good at the FW or via a reverse proxy filter fronting the server. As mentioned, the NAT will hide internal IP addressing too. I also suggest exploring an application delivery controller such as F5 LTM and ASM with web application FW capabilities to fend off web attacks.
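
The IP allow-list ACL suggested in the answers above, as an added example that is not part of the original thread: a first-match rule evaluator that shows which of ports 8081 and 8040 an outside scanner still reaches before and after the ACL, plus a check for deny rules that an earlier permit makes unreachable. The rule format, the 198.51.100.0/24 admin range and the 203.0.113.10 scanner address are constructed assumptions, not any vendor's syntax.

```python
import ipaddress

# Constructed rule format (an assumption): (action, source CIDR, destination port),
# evaluated top-down, first match wins, implicit deny at the end.
BEFORE = [
    ("permit", "0.0.0.0/0", 8081),        # Web Help Desk open to any source
    ("permit", "0.0.0.0/0", 8040),        # ScreenConnect open to any source
]
AFTER = [
    ("permit", "198.51.100.0/24", 8081),  # constructed admin/office range
    ("permit", "198.51.100.0/24", 8040),
    ("deny", "0.0.0.0/0", 8081),
    ("deny", "0.0.0.0/0", 8040),
]
PORTS = (8081, 8040)


def decide(rules, src, port):
    """Return 'permit' or 'deny' for one connection attempt (first match wins)."""
    addr = ipaddress.ip_address(src)
    for action, cidr, rule_port in rules:
        if rule_port == port and addr in ipaddress.ip_network(cidr):
            return action
    return "deny"  # nothing matched: implicit deny


def exposed_ports(rules, scanner_ip, ports=PORTS):
    """Ports that a scanner at scanner_ip would still report as reachable."""
    return [p for p in ports if decide(rules, scanner_ip, p) == "permit"]


def shadowed_denies(rules):
    """Indexes of deny rules that never fire because an earlier permit covers them."""
    hits = []
    for i, (action, cidr, port) in enumerate(rules):
        if action != "deny":
            continue
        net = ipaddress.ip_network(cidr)
        if any(a == "permit" and p == port and net.subnet_of(ipaddress.ip_network(c))
               for a, c, p in rules[:i]):
            hits.append(i)
    return hits


if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, "scanner sees:", exposed_ports(rules, "203.0.113.10"),
              "shadowed denies:", shadowed_denies(rules))
```
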
Thanks for your input!!!!
