PCI Compliance Failure
03-12-2018 8:44 AM
I recently failed a PCI compliance scan on the following:
- DNS Server Recursive Query Cache Poisoning Weakness
- DNS Server Cache Snooping Remote Information Disclosure
Plusnet told me the routers do not come PCI compliant as standard as their routers are designed purely for broadband connection, and pointed me towards portforward.com. Portforward directed me to "create the port forward entries in your router" but I have no idea how to go about this. The PCI compliance company told me to show Plusnet the scan results for the port 53 UDP fault and they would be able to implement the solution, but they just say they are unable to advise.
Any idea how I can rectify this?
Re: PCI Compliance Failure
03-12-2018 11:48 AM
Plusnet are not really a business ISP. They do sell broadband to businesses, and have a separate tariff for business customers (and provide VAT invoices), but that is about the limit of it.
They are cheaper than most business ISPs, and for some businesses that makes them a good choice. However, they don't offer the features a lot of businesses need (PCI compliance, SSL, IPv6 etc). They don't even really understand what's required - portforward.com is intended for gamers, not businesses, and won't solve your DNS issues.
Depending on your router you may be able to change your DNS settings, which may help.
Re: PCI Compliance Failure
03-12-2018 12:41 PM
@ewmoore as @corringham says I wouldn't expect PN to be able to help.
This post https://forum.mikrotik.com/viewtopic.php?t=50640 makes interesting reading and seems to indicate that the PCI compliance systems are being 'picky' about these checks. That link suggests that the only way is to get the router firewall to REJECT UDP port 53 requests rather than just DROP them. AFAIK neither of the PN supplied routers (the Hub zero or Hub one) have sufficient ability to control the firewall to that extent.
Do the PCI people have a list of certified routers? If so then we could possibly advise which of those would be able to be used with PN (probably most of them).
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
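A self-check for the two scan findings and the UDP port 53 behaviour discussed in this thread, added here as an example and not part of any poster's message: it sends one non-recursive (RD=0) query and reads the reply header, or reports whether the port looks dropped or rejected. The function names, the `example.com` query name and the sample headers are assumptions made for illustration; `probe()` is meant to be run from outside your network against your own public IP.

```python
import socket
import struct

def build_query(name, txid=0x1234, recursion_desired=False):
    """Build a DNS A/IN query. RD=0 asks the server to answer from cache only."""
    flags = 0x0100 if recursion_desired else 0x0000
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(data):
    """Read the DNS header of a reply to an RD=0 query."""
    if len(data) < 12:
        raise ValueError("shorter than a DNS header")
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    return {
        "rcode": rcode,
        # RA set: the server offers recursion to this client
        "recursion_available": bool(flags & 0x0080),
        # NOERROR + answers + AA clear on an RD=0 query: served from cache
        "answered_from_cache": rcode == 0 and ancount > 0 and not flags & 0x0400,
    }

def probe(host, name="example.com", timeout=3.0):
    """Send one RD=0 query to UDP 53 on a router you administer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, 53))
        s.send(build_query(name))
        try:
            return classify_response(s.recv(512))
        except socket.timeout:
            return "no reply (filtered, e.g. DROP)"
        except ConnectionRefusedError:  # raised on Linux for a connected UDP socket
            return "ICMP port unreachable (closed, e.g. REJECT)"

# Constructed sample headers, not captured traffic.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8080, 1, 1, 0, 0)     # QR+RA, 1 answer
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0)  # QR, rcode REFUSED

if __name__ == "__main__":
    print(classify_response(SAMPLE_OPEN))
    print(classify_response(SAMPLE_REFUSED))
```

A reply with `recursion_available` or `answered_from_cache` set means the WAN side is still answering DNS; a timeout or port-unreachable result means the port is no longer serving queries to the outside.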
Re: PCI Compliance Failure
03-12-2018 4:30 PM
Thanks for the advice, I shall see if I can further adjust the DNS settings.