Security Forums

WebDAV and PCI compliance?

moondoggie (Lurker; Joined: 27 May 2005; Posts: 19)
Posted: Wed May 25, 2011 4:03 am    Post subject: WebDAV and PCI compliance?

I have a client who needs to keep PCI compliant who has remote users that connect via VPN to the main office to access network shares. The VPN has been set up for so long that nobody remembers how to add new users or change passwords. I want to suggest a WebDAV setup but I don't know what that will do to their PCI compliance. Does anyone here have any experience with this setup?
Fire Ant (Trusted SF Member; Joined: 27 Jun 2008; Posts: 3; Location: London)
Posted: Wed May 25, 2011 10:28 am

Why is the user VPN solution in scope of PCI? Normally I would expect only the payment systems, which are segregated, to be in scope. Otherwise you could have a compliance nightmare when it comes to user desktops etc.

Fire Ant
moondoggie (Lurker; Joined: 27 May 2005; Posts: 19)
Posted: Wed May 25, 2011 5:11 pm

The company who does our PCI scans always flags the open VPN ports as a weakness, but not a full critical problem, with the compliance. They also flag our ISP gateway as a problem preventing us from being fully compliant, despite the ISP's assurances they have it locked down for compliance. I suppose I should be asking this to the PCI folks, but I thought I'd post it here for any second opinions.
Fire Ant (Trusted SF Member; Joined: 27 Jun 2008; Posts: 3; Location: London)
Posted: Wed May 25, 2011 5:26 pm

Hey Moondoggie,

I would get another ASV. They obviously don't know what they are doing or are happy to do something which you don't need; either way it sounds dodgy. You shouldn't waste time and money scanning something which is clearly not in scope. But you are right, it is a question for your QSA.

Fire Ant
All times are GMT + 2 Hours