As part of our migration to a new credit card processing service - the vendor required a Vulnerability Scan to be run against our firewall (ASG 220 - 7.511).
The ASG almost escaped unscathed - other than an issue with SSLv2 (tcp/3400). Apparently our ASG220 accepted an SSLv2 connection. SSLv2 has some known "cryptographic weaknesses" that make it not PCI compliant. Obviously this is an old protocol...
Not sure if this is configurable - or has been resolved in newer firmware/updates (we tend to lag a bit behind the "bleeding edge" on updates).
A secondary issue also was flagged - in that the "System Responds to SYN+FIN TCP Packets"...
Any thoughts or suggestions?