Meraki

Community

About HOD-DBQ

Re: Can these protocols/ciphers/attacks be blocked by MX65?

by in Security & SD-WAN
‎Feb 7 2018 9:47 AM
‎Feb 7 2018 9:47 AM
The open ports method was kind of grandfathered in when we switched routers. We've always been a bit concerned about the security. We've used the VPN Clients for other access and now we will be using it completely and as you say get rid of the port forwards. I've already tested it and it works. And of course, this will also eliminate any Scan failures we would have with PCI which is what got me started in the first place. Thanks for your help. ... View more

Can these protocols/ciphers/attacks be blocked by MX65?

by in Security & SD-WAN
‎Feb 5 2018 1:00 PM
‎Feb 5 2018 1:00 PM
PCI (Payment Card Industry) scans our network through the MX65 to check for vulnerabilities. The scan itself is intended to check the web server that is used for accepting credit card payments and identify any vulnerabilities. We however do not have a web server and of course do not accept credit card payments in that way. We have a card reader that sits in the office and is connected via a USB port to a local PC. So the purpose of the scan is really meaningless for our setup. The scans fail because we have Ports opened on the MX65 Firewall settings to allow for Remote Desktop Connections. None of these PC's ever have the card reader attached to it so that is another reason why the scans are meaningless. The scan is able to connect through these ports and establish connections using methods that are now considered security risks. What I'm trying to figure out is if I can stop these connections by disabling these at the MX65? Then our scan would not have any failures. Here are the 4 that I want to focus on: 1. TLS 1.0 2. CVE-2016-2183 (SWEET32 attack) 3. CVE-2013-2566 (RC4 ciphers) 4. CVE-2016-0800 (SSLv2 protocol) Can any of these be blocked at the Meraki MX65 router so they won't show as failures?   Thank you. Dave   ... View more
© 2025 Cisco Systems, Inc.