HPE Community
BladeSystem - General
1752681 Members
5796 Online
108789 Solutions
New Discussion

Re: Blade systems and PCI

 
The Brit
Honored Contributor

‎10-11-2012 04:47 AM

‎10-11-2012 04:47 AM

Blade systems and PCI

Morning Guys,

       I'm sure that many of you are  being plagued by the current rush for PCI compliance.       First of all, let me say that I am not a network guy, or a windows/proliant guy, nor do I have the skills of the professional hacker.

 

     As part of the compliance requirements, I have already shut off all of the Telnet access and forced SSH sessions only, to the various module and OA CLI's, however my Network Guy came to see me with a Network Scan indicating that many of the modules were still allowing FTP protocol sessions.

 

    Now if I recall,  FTP is used in the firmware update process, and possible other places behind the scenes, and so I am a bit leery about turning it off (even if I knew how).     I have also argued that there are limited uses for FTP as a portal into the Flex10 administration, however as I meantioned above, I dont know enough to be able to argue that this does NOT represent a vunerability.      In any case, PCI is PCI, as far as I understand it, their dictates are non-negotiable.

 

If anyone has come up against this issue, would you be prepared to share how you have handled it, I would really appreciate it.

 

Thank to all.

 

Dave. 

Reply
1 REPLY 1
Casper42
Respected Contributor

‎11-29-2012 10:57 PM

‎11-29-2012 10:57 PM

Re: Blade systems and PCI

PCI does not state anywhere that FTP is forbidden as far as I am aware. If you are not using FTP to pass PCI sensitive data, you should be fine.
Keep in mind you should have OA/VC/iLO on a dedicated subnet and you can use standard Layer 3 firewall ACLs to limit access and in a pinch put a jump box on that subnet with VCSU installed on it.

Just keep in mind the role of PCI is to keep the CC DATA protected and not everything has to be water tight.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.