Hi, I am trying to get PCI-DSS compliance on my site.
I have run the Trustwave scanner and it has thrown up some issues that I don't know how to solve.
Port 21: Unencrypted Communication Channel Accessibility
Description: The service running on this port appears to make use of a plaintext (unencrypted) communication channel. The PCI DSS forbids the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.
Remedy: Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a “whitelist”) whenever possible.
Now I already transitioned over to SSH and SFTP. Also disallowed shell. Yet I still get this error.
Port 25: Unencrypted Communication Channel Accessibility
Same error and remedy as above.
I can't find any way to disallow plain text login for mail and only use secured mail on DreamHost.
Port 587: Unencrypted Communication Channel Accessibility
Same error and remedy as above.
Really need help, I'm really at the end of the rope here.
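
An added example, not part of the original post or of the scanner's output: one way to see whether a mail server on port 25 or 587 still offers login before encryption is to read its EHLO reply and check whether AUTH mechanisms are advertised before STARTTLS has been issued. The replies below are constructed samples, the host name `mail.example.test` is a placeholder, and this does not claim to reproduce the check the scanner performs.

```python
"""Read an SMTP EHLO reply and report what is offered before TLS starts."""

# Constructed sample replies (not captured from any real server).
SAMPLE_PLAINTEXT_AUTH = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-AUTH PLAIN LOGIN\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_TLS_FIRST = (
    "250-mail.example.test\r\n"
    "250-PIPELINING\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)
SAMPLE_NO_TLS = (
    "250-mail.example.test\r\n"
    "250 AUTH=PLAIN LOGIN\r\n"
)


def parse_ehlo(reply):
    """Return {KEYWORD: [params]} from a multi-line 250 EHLO reply."""
    caps = {}
    lines = [ln for ln in reply.splitlines() if ln.strip()]
    for line in lines[1:]:  # the first line is the server's greeting/domain
        if not line.startswith("250") or len(line) < 4 or line[3] not in "- ":
            raise ValueError("unexpected reply line: %r" % line)
        # Older servers write "AUTH=PLAIN LOGIN"; treat "=" like a space.
        words = line[4:].replace("=", " ").split()
        if words:
            params = [w.upper() for w in words[1:]]
            caps.setdefault(words[0].upper(), []).extend(params)
    return caps


def classify(reply):
    """Summarise a pre-TLS EHLO reply.

    auth_before_tls lists login mechanisms a client could use on the
    still-unencrypted connection; an empty list means login is withheld
    until after STARTTLS.
    """
    caps = parse_ehlo(reply)
    return {
        "starttls": "STARTTLS" in caps,
        "auth_before_tls": caps.get("AUTH", []),
    }
```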