BladeSystem Virtual Connect
Blade systems and PCI

Morning Guys,

I'm sure that many of you are being plagued by the current rush for PCI compliance. First of all, let me say that I am not a network guy, or a Windows/ProLiant guy, nor do I have the skills of the professional hacker.


As part of the compliance requirements, I have already shut off all of the Telnet access and forced SSH sessions only to the various module and OA CLIs; however, my Network Guy came to see me with a Network Scan indicating that many of the modules were still allowing FTP protocol sessions.


Now if I recall, FTP is used in the firmware update process, and possibly other places behind the scenes, and so I am a bit leery about turning it off (even if I knew how). I have also argued that there are limited uses for FTP as a portal into the Flex10 administration; however, as I mentioned above, I don't know enough to be able to argue that this does NOT represent a vulnerability. In any case, PCI is PCI; as far as I understand it, their dictates are non-negotiable.


If anyone has come up against this issue, would you be prepared to share how you have handled it? I would really appreciate it.


Re: Blade systems and PCI

PCI does not state anywhere that FTP is forbidden, as far as I am aware. If you are not using FTP to pass PCI-sensitive data, you should be fine.
Keep in mind you should have OA/VC/iLO on a dedicated subnet, and you can use standard Layer 3 firewall ACLs to limit access and, in a pinch, put a jump box on that subnet with VCSU installed on it.

Just keep in mind the role of PCI is to keep the CC DATA protected and not everything has to be water tight.
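
The layout suggested in the reply above (dedicated management subnet, Layer 3 ACL, jump box with VCSU) can be checked before the next scan. The following is an added example, not part of either post: it models a first-match ACL and lists any flow that still reaches the management subnet other than SSH to the jump box. All addresses, the ACL rules and the function names are constructed assumptions.

```python
import ipaddress as ip

# Constructed addressing; none of these values come from the thread.
MGMT_NET = ip.ip_network("10.10.50.0/24")    # OA / VC / iLO subnet
JUMP_BOX = ip.ip_network("10.10.50.10/32")   # jump box with VCSU, on that subnet
ADMIN_NET = ip.ip_network("10.10.20.0/24")   # administrator workstations
ANY = ip.ip_network("0.0.0.0/0")

# ACL on the routed interface into the management subnet.
# Rule: (action, source, destination, tcp_port or None for any port).
HARDENED = [
    ("permit", ADMIN_NET, JUMP_BOX, 22),
    ("deny", ANY, MGMT_NET, None),
]
# The situation a scan would flag: FTP on the modules reachable from elsewhere.
WEAK = [
    ("permit", ANY, MGMT_NET, 21),
    ("permit", ADMIN_NET, MGMT_NET, 22),
    ("deny", ANY, MGMT_NET, None),
]

def evaluate(acl, src, dst, port):
    """First matching rule wins; no match is an implicit deny."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    for action, s_net, d_net, r_port in acl:
        if src in s_net and dst in d_net and r_port in (None, port):
            return action
    return "deny"

def exposures(acl, sources, targets, ports=(21, 22, 23)):
    """Return permitted (src, dst, port) flows that reach anything on the
    management subnet other than SSH to the jump box."""
    found = []
    for src in sources:
        for dst in targets:
            for port in ports:
                to_jump = ip.ip_address(dst) in JUMP_BOX and port == 22
                if evaluate(acl, src, dst, port) == "permit" and not to_jump:
                    found.append((src, dst, port))
    return found

# Constructed probes: an admin workstation and a host on another network,
# tested against the jump box and two module addresses.
SOURCES = ["10.10.20.5", "10.20.30.40"]
TARGETS = ["10.10.50.10", "10.10.50.21", "10.10.50.22"]

if __name__ == "__main__":
    for name, acl in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, exposures(acl, SOURCES, TARGETS))
```

Because the jump box sits on the management subnet itself, its FTP traffic to the modules never crosses the routed ACL, so firmware updates through VCSU keep working while the hardened rule set reports no exposure.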