cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

PCI Compliance Failure

ewmoore
Newbie
Posts: 2
Registered: ‎03-12-2018

PCI Compliance Failure

‎03-12-2018 8:44 AM

I recently failed PCI compliance scan on the following:

 

- DNS Server Recursive Query Cache Poisoning Weakness

- DNS Server Cache Snooping Remote Information Disclosure

 

Plusnet told me the routers do not come PCI compliant as standard as their routers are designed purely for broadband connection, and pointed me towards portforward.com. Portforward directed me to "create the port forward entries in your router" but I have no idea how to go about this. The PCI compliance company told me to show Plusnet the scan results for the port 53 UDP fault and they would be able to implement the solution, but they just say they are unable to advise.

 

Any idea how I can rectify this?

Message 1 of 4
(1,385 Views)
0 Thanks
3 REPLIES 3
corringham
Seasoned Champion
Posts: 1,233
Thanks: 650
Fixes: 16
Registered: ‎25-09-2015

Re: PCI Compliance Failure

‎03-12-2018 11:48 AM

Plusnet are not really a business ISP. They do sell broadband to businesses, and have a separate tariff for business customers (and provide VAT invoices), but that is about the limit of it.

They are cheaper than most business ISPs, and for some businesses that makes them a good choice. However, they don't offer the features a lot of businesses need (PCI compliance, SSL,  IPv6 etc). They don't even really understand what's required - portforward.com is intended for gamers, not businesses, and won't solve your DNS issues.

Depending on your router you may be able to change your DNS settings, which may help.

Message 2 of 4
(1,353 Views)
MisterW
Superuser
Superuser
Posts: 14,717
Thanks: 5,503
Fixes: 393
Registered: ‎30-07-2007

Re: PCI Compliance Failure

‎03-12-2018 12:41 PM

@ewmoore as @corringham says I wouldn't expect PN to be able to help.

This post https://forum.mikrotik.com/viewtopic.php?t=50640 makes intereseting reading and seems to indicate that the PCI compliance systems are being 'picky' about these checks. That link suggests that the only way is to get the router firewall to REJECT UDP port 53 requests rather than just DROP them. AFAIK neither of the PN supplied routers ( the Hub zero or Hub one ) have sufficient ability to control the firewall to that extent.

Do the PCI people have a list of certified routers ? if so then we could possibly advise which of those would be able to be used with PN ( probably most of them )

 

Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.

Message 3 of 4
(1,336 Views)
ewmoore
Newbie
Posts: 2
Registered: ‎03-12-2018

Re: PCI Compliance Failure

‎03-12-2018 4:30 PM

Thanks for the advice, I shall see if I can further adjust the DNS settings.

Message 4 of 4
(1,317 Views)
0 Thanks