Community
  • About jaswild
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Re: PCI Compliance

by in Security / SD-WAN
‎09-14-2017 08:14 PM
‎09-14-2017 08:14 PM
Philip,   Thanks, I'll work with customer to take this further. ... View more

PCI Compliance

by in Security / SD-WAN
‎09-13-2017 09:02 PM
‎09-13-2017 09:02 PM
Good evening.  Looking for anyone that has experience, tips, info on PCI compliance and how it may pertain to the Meraki MX64.  I have a small body shop as a customer and they had PCI compliance test done and failed.   The vulnerability was: Internet Key Exchange (IKE) Aggressive Mode with Pre-Shared Key port 500 / udp / ikev1   THREAT: The remote IKEv1 service supports Aggressive Mode with Pre-Shared key.   IMPACT: The remote Internet Key Exchange (IKE) version 1 service seems to support Aggressive Mode with Pre-Shared key (PSK) authentication. Such a configuration could allow an attacker to capture and crack the PSK of a VPN gateway and gain unauthorized access to private networks.   SOLUTION: - Disable Aggressive Mode if supported. - Do not use Pre-Shared key for authentication if it's possible. - If using Pre-Shared key cannot be avoided, use very strong keys. - If possible, do not allow VPN connections from any IP addresses.   Does this necessarily happen at the MX?  Comcast Business is the ISP ahead of the MX and the workstations each run Kapersky or WinDef for antivirus/firewall.   Thank you in advance for any tips or advice. ... View more
© 2020 Meraki