[isalist] ISA - Exchange and PCI Compliance

  • From: Bret Hanson <Bhanson@xxxxxxxxxx>
  • To: "'isalist@xxxxxxxxxxxxx'" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Jun 2010 10:22:34 -0500

We are running ISA 2006 EE publishing Exchange 2007 OWA & Outlook Anywhere.  
Recently we had a vulnerability scan done by a 3rd party as required by the Pay 
Card Industry (PCI).

The report came back with two problems on the public IP of the mail server.

1.   SSLv2 Supported

2.   SSL Weak Encryption Algorithms

Researching a solution to this issue has made me even more confused.  Some say 
this needs to be fixed on the ISA box and other say on both.  Anyone else dealt 
with this - can ya help a guy out?



Other related posts: