[isalist] Re: ISA - Exchange and PCI Compliance

  • From: Steven Comeau <scomeau@xxxxxxxxxxxxxxxxxx>
  • To: "isalist@xxxxxxxxxxxxx" <isalist@xxxxxxxxxxxxx>
  • Date: Sat, 19 Jun 2010 14:02:46 -0400

I did it on both; however, the error also came up on my other ISA boxes that 
weren't serving OWA (or any HTTP/s protocol) - so I did it on those ISA boxes 
just to shut up our Information Protection Department.

I've also gotten bogus warnings (failures) about the version of PPTP I'm using 
for site-to-site VPN as well as user VPN - yet the scan doesn't report the 
error on both end IPs.  PCI is maddening.  They kept failing our website for 
non-compliancy, yet I kept telling them that our website doesn't collect credit 
card information - we link to a URL @ Barnes and Noble to buy gear... so, I 
simply took that IP out of their range to scan.  Don't hesitate to challenge 
the results with good, hard evidence.

Steve Comeau
Associate Director of IT  Rutgers Athletics
83 Rockafeller Road
Piscataway, NJ  08854
732-445-7802
732-445-4623 (fax)
www.scarletknights.com






From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Bret Hanson
Sent: Saturday, June 19, 2010 12:35 PM
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

So is it safe to say SSLv2 and the weak ciphers need to be disabled on the ISA 
box only?

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Jim Harrison
Sent: Saturday, June 19, 2010 11:21 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

..and 
http://blogs.technet.com/b/isablog/archive/2010/03/24/meet-pci-compliance-with-hyperguard-solution-by-a-forefront-tmg-business-partner.aspx

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Stefaan Pouseele
Sent: Wednesday, June 16, 2010 8:31 AM
To: isalist@xxxxxxxxxxxxx
Subject: [isalist] Re: ISA - Exchange and PCI Compliance

Check out 
http://blogs.isaserver.org/pouseele/2007/05/19/require-128-bit-encryption-for-https-traffic-with-isa-server-2006-part3/

HTH,
Stefaan

From: isalist-bounce@xxxxxxxxxxxxx [mailto:isalist-bounce@xxxxxxxxxxxxx] On 
Behalf Of Bret Hanson
Sent: Wednesday, June 16, 2010 17:23
To: 'isalist@xxxxxxxxxxxxx'
Subject: [isalist] ISA - Exchange and PCI Compliance

We are running ISA 2006 EE publishing Exchange 2007 OWA & Outlook Anywhere.  
Recently we had a vulnerability scan done by a 3rd party as required by the Pay 
Card Industry (PCI).

The report came back with two problems on the public IP of the mail server.


1.   SSLv2 Supported

2.   SSL Weak Encryption Algorithms

Researching a solution to this issue has made me even more confused.  Some say 
this needs to be fixed on the ISA box and others say on both.  Anyone else dealt 
with this - can ya help a guy out?


Thanks!

Bret
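
Added example, not part of the original thread: a read-only PowerShell audit of the Windows SChannel registry settings that control SSLv2 and the weak ciphers a scan like this flags, to run on each Windows host where the change was made. It assumes the standard SChannel key layout and PowerShell being installed on the host; the function name Get-SchannelState is made up for this example.

```powershell
# Added example: read-only audit of SChannel protocol and cipher settings.
# Makes no changes; run locally with rights to read HKLM.
$base = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Subkeys to check. Cipher key names contain "/", which the PowerShell
# registry provider treats as a path separator, so the .NET registry API
# is used instead of Get-ItemProperty.
$targets = @(
    'Protocols\SSL 2.0\Server',
    'Ciphers\NULL',
    'Ciphers\DES 56/56',
    'Ciphers\RC2 40/128',
    'Ciphers\RC2 56/128',
    'Ciphers\RC4 40/128',
    'Ciphers\RC4 56/128'
)

# Hypothetical helper: returns the state of one SChannel subkey.
function Get-SchannelState {
    param([string]$SubKey)

    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("$base\$SubKey")
    if ($null -eq $key) { return 'OS default (key absent)' }

    try {
        # "Enabled" is a DWORD: 0 disables the protocol or cipher.
        $enabled = $key.GetValue('Enabled', $null)
    }
    finally {
        $key.Close()
    }

    if ($null -eq $enabled) { return 'OS default (no Enabled value)' }
    if ($enabled -eq 0)     { return 'Disabled' }
    return 'Enabled'
}

# One row per setting, suitable for attaching to a scan dispute or rescan request.
$targets | ForEach-Object {
    New-Object PSObject -Property @{
        Setting = $_
        State   = (Get-SchannelState $_)
    }
} | Format-Table Setting, State -AutoSize
```

An "OS default" result means the setting was never set explicitly, so the listener follows the defaults of that Windows version rather than a hardened configuration.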


