<div>
Thanks very much.<br />
<br />
If our site to site vpn currently uses self-signed certs (not a cert from a CA), does it hv any bearing on SHA1 being deprecated? &nbsp;Or as long as we use an MS product (eg Outlook or IE) at both sites, we will be affected? &nbsp;But the 2 sites' vpn are Checkpoint n Watchguard which dont deprecate SHA1? &nbsp;Hope I am not saying no-sense<br />
<br />
Secondly as site to site vpn is for encryption n protection against MITMA, does collision attacks weaken the encryption or the mitigation against MITMA?
</div>


Thanks very much.

If our site to site vpn currently uses self-signed certs (not a cert from a CA), does it hv any bearing on SHA1 being deprecated?  Or as long as we use an MS product (eg Outlook or IE) at both sites, we will be affected?  But the 2 sites' vpn are Checkpoint n Watchguard which dont deprecate SHA1?  Hope I am not saying no-sense

Secondly as site to site vpn is for encryption n protection against MITMA, does collision attacks weaken the encryption or the mitigation against MITMA?

<div>
Typo correction, should read:<br />
 But the 2 sites' vpn endpoints &nbsp;are created between Checkpoint n Watchguard ...
</div>


Typo correction, should read:
 But the 2 sites' vpn endpoints  are created between Checkpoint n Watchguard ...

<div>
<div class="content wysiwyg-content">
I'm looking for a PCI DSS compliance doc that specifies what are the scope &amp;&nbsp;areas the compliance covers.<br />
<br />
Is PCI DSS compliance applicable to site to site VPN? &nbsp;If so, did it say it must use SHA2 &amp;&nbsp;not SHA1 by a certain date?<br />
If we can't get SHA2 working, is there a workaround?
</div>
</div>


I'm looking for a PCI DSS compliance doc that specifies what are the scope & areas the compliance covers.

Is PCI DSS compliance applicable to site to site VPN?  If so, did it say it must use SHA2 & not SHA1 by a certain date?
If we can't get SHA2 working, is there a workaround?

Is PCI DSS compliance applicable to site to site VPN

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. In an encryption scheme, the intended communication information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses a pseudo-random encryption key generated by an algorithm. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.

Encryption

Network security consists of the policies adopted to prevent and monitor authorized access, misuse, modification, or denial of a computer network and network-accessible resources. Network security involves the authorization of access to data in a network, and covers a variety of computer networks; conducting transactions and communications among businesses, government agencies and individuals. Networks can be private, such as within a company, and others which might be open to public access.

Network Security

Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection.  Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.

Security

A virtual private network (VPN) is a network that uses a public telecommunication infrastructure, such as the Internet, to provide remote offices or travelling users access to a central organizational network securely. VPNs encapsulate data transfers using secure cryptographic methods and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted.

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.