PCI-DSS Compliance problems


#1

Hi, I am trying to get PCI-DSS compliance on my site.
I have run the Trustwave scanner and it has thrown up some issues that I don't know how to solve.

Port 21: Unencrypted Communication Channel Accessibility

Description: The service running on this port appears to make use of a plaintext (unencrypted) communication channel. The PCI DSS forbids the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentiality and integrity of the data in transit cannot be ensured with any level of certainty.

Remedy: Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a “whitelist”) whenever possible.

Now I have already transitioned over to SSH and SFTP. Also disallowed shell. Yet I still get this error.

Port 25: Unencrypted Communication Channel Accessibility

Same error and remedy as above.

I can't find any way to disallow plain-text login for mail and only use secured mail on DreamHost.

Port 587: Unencrypted Communication Channel Accessibility

Same error and remedy as above.

Really need help, I'm really at the end of the rope here :confused:


#2

Did you check the little box to “Disallow FTP”?

Having shell access would not affect that.

Also, do you have secure hosting for your site? (Using an ssl cert?)


#3

Yes, I have SSL running, still waiting for the signed SSL cert.

Yes, I have ticked Disallow FTP.

Is there anything else I have to do to secure mail? The scanner keeps complaining that I have plain-text authentication with no encryption for those mail ports.
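To see what the scanner sees on ports 25 and 587, here is an added Python 3 check (not from this thread, and not a DreamHost tool) that does a cleartext EHLO against a mail server you own and reports whether it advertises AUTH before STARTTLS, which is the condition behind the "plain text authentication" finding. The hostnames and the two sample EHLO replies are constructed for the example.

```python
# Added example (not from this thread): does an SMTP listener advertise AUTH on
# the cleartext channel, which a PCI scanner flags on 25/587? Samples are constructed.
import socket
import sys

WEAK_EHLO = ["250-mail.example.invalid", "250-STARTTLS",
             "250-AUTH PLAIN LOGIN", "250 SIZE 10240000"]  # AUTH before TLS: the finding
OK_EHLO = ["250-mail.example.invalid", "250-STARTTLS", "250 SIZE 10240000"]  # no AUTH pre-TLS

def parse_ehlo(lines):
    """Map EXTENSION -> params from a multiline 250 reply (line 1 is the host)."""
    exts = {}
    for line in lines[1:]:
        if line.startswith("250"):
            name, _, params = line[4:].strip().partition(" ")
            exts[name.upper()] = params
    return exts

def assess(exts):
    """Plaintext AUTH advertised before STARTTLS is the failing condition."""
    auth, starttls = "AUTH" in exts, "STARTTLS" in exts
    if auth:
        verdict = "FAIL: AUTH offered on unencrypted channel"
    elif starttls:
        verdict = "OK: AUTH withheld until STARTTLS"
    else:
        verdict = "INFO: neither AUTH nor STARTTLS advertised"
    return {"auth_before_tls": auth, "starttls": starttls, "verdict": verdict}

def _read_reply(f):   # one SMTP reply: 'NNN-' lines continue it, 'NNN ' ends it
    lines = []
    while True:
        line = f.readline().decode("utf-8", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return lines

def live_check(host, port=587, timeout=10):
    """Cleartext EHLO against your own server, then assess what it offers."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        f = s.makefile("rwb")
        _read_reply(f)                                    # 220 greeting
        f.write(b"EHLO pci-check.invalid\r\n"); f.flush()
        lines = _read_reply(f)
        f.write(b"QUIT\r\n"); f.flush()
    return assess(parse_ehlo(lines))

if __name__ == "__main__":   # usage: python3 check.py mail.example.com 587
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 587
    print(live_check(sys.argv[1], port)["verdict"])
```

A FAIL verdict means the server is willing to take a username and password over the cleartext connection, so the fix is on the mail server side (only offer AUTH after STARTTLS, or only on the TLS-wrapped port), which on shared hosting is something the provider has to configure.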