问题

PCI DSS合规性

  • 2020年11月5日
  • 2个答复
  • 305次观看
e

我们对PCI DSS符合AOS节点有4个发现:

1. 57608-不需要SMB签名
远程SMB服务器不需要签名。
5.3(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N:N)
TCP端口445

2. 84502 -HTTPS服务器缺少HST
远程Web服务器没有执行HST。
6.5(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/A:n:n)
TCP港口5989

3. 51192 -SSL证书无法信任
无法信任此服务的SSL证书。
6.5(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/A:n:n)
TCP港口5989

4. 57582 -SSL自签名证书
该服务的SSL证书链以未认可的自签名证书结束。
6.4(cvss2#av:n/ac:l/au:n/c:p/i:p/a:n:n)
TCP港口5989

我可以知道如何解决吗?

    we had 4 finding for pci dss compliance on AOS node :<\/p>

    1. 57608 - SMB Signing not required
    Signing is not required on the remote SMB server.
    5.3 (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:L\/A:N)
    tcp port 445<\/p>

    2. 84502 - HSTS Missing From HTTPS Server
    The remote web server is not enforcing HSTS.
    6.5 (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N)
    tcp port 5989<\/p>

    3. 51192 - SSL Certificate Cannot Be Trusted
    The SSL certificate for this service cannot be trusted.
    6.5 (CVSS:3.0\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N)
    tcp port 5989<\/p>

    4. 57582 - SSL Self-Signed Certificate
    The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
    6.4 (CVSS2#AV:N\/AC:L\/Au:N\/C:P\/I:P\/A:N)
    tcp port 5989<\/p>

    may i know how to solve it ?<\/p>","quoteUsername":"estint","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    2个答复

    阿罗纳
    秩
    UserLevel 6
    徽章 +5

    嗨,埃斯汀,

    我相信现在有一个支持案例。我将在此处发布答案,以使其他成员受益。

    帮助合规使用流安全中心被推荐。

    • 对安全合规性的可见性:FSC为企业提供了安全热图,并对环境的安全姿势完全可见。FSC还根据行业的最佳实践,使用800多次自动审计检查来确定任何安全漏洞。
    • 优化安全合规性:FSC为云操作员提供一键功能,以轻松解决其安全问题。FSC还提供了开箱即用的安全策略,以自动化公共法规合规性策略的支票,例如HIPAA,PCI-DSS,CIS等。
    • 控制安全合规性:FSC帮助您设定策略,以实时检测安全漏洞并自动化修复它们所需的操作。您还可以在FSC中创建自定义审核检查,以满足您特定于业务的安全性需求。

    升级到最近的AOS版本是另一个好主意。

    Hi estint,<\/p>

    \u00a0<\/p>

    I believe there is a support case raised for this now. I will post the answer here for the benefit of other members.<\/p>

    To help with compliance use of Flow Security Central<\/a> is recommended.<\/p>

    v

    我们的扫描还显示了CVM/Prism上的“不需要SMB签名”漏洞。

    这个问题有更新吗?

    谢谢

    Our scan\u2019s also show \u201cSMB Signing not required\u201d vulnerability on CVM\/Prism.<\/p>

    Is there an update to this question?<\/p>

    thanks<\/p>","quoteUsername":"Vicemil","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

    回复


    Learn more about our cookies.<\/a>","cookiepolicy.button":"Accept cookies","cookiepolicy.button.deny":"Deny all","cookiepolicy.link":"Cookie settings","cookiepolicy.modal.title":"Cookie settings","cookiepolicy.modal.content":"We use 3 different kinds of cookies. You can choose which cookies you want to accept. We need basic cookies to make this site work, therefore these are the minimum you can select. Learn more about our cookies.<\/a>","cookiepolicy.modal.level1":"Basic
    Functional","cookiepolicy.modal.level2":"Normal
    Functional + analytics","cookiepolicy.modal.level3":"Complete
    Functional + analytics + social media + embedded videos"}}}">
    Baidu