Completed

block ports 21 and 2077 on server for PCI compliance

This project was successfully completed by rmmarconi for £32 GBP in a day.

Get free quotes for a project like this
Employer working
Completed by:
Project Budget
£20 - £250 GBP
Completed In
1 day
Total Bids
9
Project Description

I have a server trying to meet PCI compliance and the scan from Trustwave has highlighted the details below regarding port 21 and port 2077.
Tech support for my server says these can be blocked but they don't offer a service for doing the actual work. They say it can be done using IP tables as it is a dedicated server.
So as far as I understand, I need to get these ports blocked and am looking for someone with the skills and knowledge to do this.

Unencrypted Communication Channel Accessibility
port 21
The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.

Web Application Transmits Login Credentials Without Encryption
port 2077
There is a web application running on this host that transmits login credentials over HTTP, which is a cleartext protocol. As such, if an attacker was able to intercept traffic containing login credentials, it would be trivial to view user account and password information."

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online