• Status: Solved
  • Priority: Medium
  • Security: Public

PCI compliance --

PCI compliance failed.

Hi there experts,

A customer asked me to look at why their PCI scan failed. The failing row shows TLS v1.0, the public IP address, and port 3389. Evidently it failed because of TLSv1, but I can't find the source of it. At first I thought port forwarding was enabled on the router, but that was not the case; then I checked to see if the server we added months ago had RDP enabled, and it didn't. I then ran an nmap scan, and 3389 is not open on any host. My hypothesis is that a host (maybe a laptop) with RDP enabled was connected to the network at the time of the scan, but they told me that was not the case. I scheduled another scan, but it won't run until tomorrow...

Has anyone dealt with something like this before? Can the scan show that there's TLS v1 on a port that's not enabled?
Asked by: jorge diaz

Jose Gabriel Ortega CEE Solution Guide - CEO Faru Bonon IT commented:
It can.

What version of Windows OS are you running?

They are usually used on web servers from 2008 R2; by default 2012 R2 takes TLS 1.2, but TLS 1.0 needs to be disabled to comply (PCI).

Here's a script that, after you run it, will disable TLS 1.0 and another PCI-compliance setting called SWEET32.

https://gallery.technet.microsoft.com/scriptcenter/Solve-SWEET32-Birthday-d2df9cf1

masnrock commented:
Well, since there are port scans, a bit more detail might help. But I would ask you three questions:
1) Can the firewall be managed remotely?
2) What is RDP in use for? RDP would fail for PCI compliance. Require that users connect to the VPN first, then RDP in. That way, you can close port 3389 on your firewall.
3) Have you checked the registry on the Windows server? Scroll to the appropriate TLS version in this MS article: https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings
Question has a verified solution.
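
The registry check suggested in the last comment, as an added example (not code from the thread or from the linked script): a read-only PowerShell audit that assumes the SCHANNEL key layout and the `Enabled` / `DisabledByDefault` value names documented in the linked Microsoft article. It changes nothing, and it reports an absent key as "not set" because the OS default then applies.

```powershell
# Added example: read-only audit of SCHANNEL protocol settings on a Windows host.
# Assumption: key path and value names follow the Microsoft TLS registry settings article.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'

$report = foreach ($proto in $protocols) {
    foreach ($role in $roles) {
        $path = Join-Path (Join-Path $base $proto) $role

        # Both values are optional DWORDs; a missing key or value yields $null.
        $enabled = (Get-ItemProperty -LiteralPath $path -Name 'Enabled' `
                        -ErrorAction SilentlyContinue).Enabled
        $dbd     = (Get-ItemProperty -LiteralPath $path -Name 'DisabledByDefault' `
                        -ErrorAction SilentlyContinue).DisabledByDefault

        # Enabled = 0 is an explicit disable; any non-zero value is an explicit enable.
        $state = if ($null -eq $enabled)  { 'Not set (OS default applies)' }
                 elseif ($enabled -eq 0)  { 'Explicitly disabled' }
                 else                     { 'Explicitly enabled' }

        [pscustomobject]@{
            Protocol          = $proto
            Role              = $role
            Enabled           = $enabled
            DisabledByDefault = $dbd
            State             = $state
        }
    }
}

$report | Format-Table -AutoSize

# The scan finding concerns the listening side, so flag the Server role of TLS 1.0.
$tls10 = $report | Where-Object { $_.Protocol -eq 'TLS 1.0' -and $_.Role -eq 'Server' }
if ($tls10.State -ne 'Explicitly disabled') {
    Write-Warning "TLS 1.0 (Server) is not explicitly disabled: $($tls10.State)"
} else {
    Write-Output 'TLS 1.0 (Server) is explicitly disabled in the registry.'
}
```

Run it in an elevated session on each Windows host that could sit behind the scanned public IP. SCHANNEL registry changes take effect after a reboot, so a host changed since its last restart may still behave as before.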