Failing PCI compliance
nhoague

Does anyone have any experience with getting a Control to pass the PCI compliance?

They are saying we are susceptible to BEAST attack, and a whole ton of other problems. From what I can tell it's all based on web redirects and stuff that shouldn't matter, IMO.

Thoughts?

See attached file for the complete list of problems.

Brian (GFI/Kerio)

It looks like it's based on the web interface for administration running on port 4081. Are you running the latest version? There were some updates to SSL in the 8.6 release. You might consider administration through MyKerio. In this case you don't need to expose the administration port. Another possibility is to run your administration through the reverse proxy and close remote access to the admin port.

Brian Carmichael
Instructional Content Architect
nhoague

I may end up just disabling the admin port and seeing if that passes. If so, I'll have to just VPN in to manage. Not a biggie, it is running 8.6 already.

Also getting some alerts that port 5060 is open, well it has to for Operator, any thoughts on that? This is for their main location.

And they don't like port 4090 being open either, but we have a VPN tunnel between the two locations. Does this seem odd? How would Cisco or Juniper do the same thing? I would suspect they have problems with the same scenario?

[Updated on: Tue, 28 July 2015 22:15]

Brian (GFI/Kerio)

It seems that the violations are only related to the web admin port. So if you lock down 4081 everything should be fine.

Brian Carmichael
Instructional Content Architect
nhoague

I'm going to try that on the next scan. Obviously not a major problem, I'm just more curious if anyone else has come across this issue?
Brian (GFI/Kerio)

Actually, I believe the fix is noted in this article: http://kb.kerio.com/product/kerio-control/server-configuration-kerio-control/modifying-parameters-in-kerio-control-configuration-1745.html
At the bottom is an example to force TLS 1.1, try it.

Brian Carmichael
Instructional Content Architect
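A way to confirm the change before the next scan: the script below (an added example, not Kerio's code or anything from the KB article) pins a handshake to each TLS version in turn against the admin port and reports what the server still accepts. It assumes the default admin port 4081 from the thread and a placeholder address; both are command-line arguments.

```python
import socket
import ssl
import sys

# Protocol versions a PCI scan reports on, mapped to ssl module constants.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def handshake(host, port, version, timeout=5.0):
    """True if the server completes a handshake pinned to exactly `version`."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # probing protocol support, not the cert chain
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:  # OpenSSL 3 refuses TLS 1.0/1.1 at its default security level; relax it
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    except ssl.SSLError:
        pass  # builds without security levels keep their defaults
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return True
    except (ssl.SSLError, OSError):  # handshake refused, port closed or filtered
        return False

def probe(host, port):
    """Map each version name to whether the server accepted it."""
    return {name: handshake(host, port, v) for name, v in VERSIONS.items()}

def evaluate(results):
    """Return (passes, reasons). A port that completes no handshake at all
    passes, which is what locking down 4081 achieves."""
    reasons = []
    if results["TLSv1.0"]:
        reasons.append("TLS 1.0 accepted: expect the BEAST/weak-protocol finding")
    if any(results.values()) and not results["TLSv1.2"]:
        reasons.append("TLS 1.2 not offered")
    return (not reasons, reasons)

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.1"  # placeholder address
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 4081
    results = probe(host, port)
    print(results)
    passes, reasons = evaluate(results)
    print("PASS" if passes else "FAIL: " + "; ".join(reasons))
```

Run it from a host that can reach the admin port before and after the change; a TLS 1.0 handshake that still succeeds is the finding the scanner will keep reporting.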