[isalist] Re: ISA - Exchange and PCI Compliance

  • From: "Stefaan Pouseele" <stefaan.pouseele@xxxxxxxxx>
  • To: <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 16 Jun 2010 17:30:42 +0200

Check out
http://blogs.isaserver.org/pouseele/2007/05/19/require-128-bit-encryption-fo
r-https-traffic-with-isa-server-2006-part3/

 

HTH, 

Stefaan

 

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On
Behalf Of Bret Hanson
Sent: woensdag 16 juni 2010 17:23
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] ISA - Exchange and PCI Compliance

 

We are running ISA 2006 EE publishing Exchange 2007 OWA & Outlook Anywhere.
Recently we had a vulnerability scan done by a 3rd party as required by the
Pay Card Industry (PCI).

 

The report came back with two problems on the public IP of the mail server.

 

1.   SSLv2 Supported

2.   SSL Weak Encryption Algorithms

 

Researching a solution to this issue has made me even more confused.  Some
say this needs to be fixed on the ISA box and other say on both.  Anyone
else dealt with this - can ya help a guy out? 

 

Thanks!

 

Bret  

 

 

Other related posts: