Rv082 fails PCI compliance test scan

The rv082 v2 with firmware 2.0.2.01-tm fails PCI compliance scans for the following vulnerability:
tcp (tcp/1)
TCP reset using approximate sequence number
CVE-2004-0230
Is there any fix for this?  Configuration change?  Future firmware fix?
Thanks,
dr

Is the self-signed certificate the only certificate on the server? If so, get yourself a certificate from a reliable 3rd-party certificate authority. DigiCert's a good source, and a lot less expensive than others (like VeriSign).
You're always going to have the self-signed cert on the server, but the only place it will be used is for intra-organizational SMTP sessions.
--- Rich Matheisen MCSE&I, Exchange MVP

Similar Messages

  • Encore CS5.1 Blu-ray Replication Problem - Master Failed BDA Compliance Testing

    I've authored a Blu-ray in Encore 5.1
    I purchased and used BluStreak Tracer with Export BDCMF
    I sent the BDCMF to Cinram for duplication.
    From Cinram I received "Master Failed BDA Compliance Testing"
    The specific error is:
    Verifier: Sony BD-ROM Verifier for FS and AV
    Version: Version 2.04 Build 0049
    Compliance: ERRORS DETECTED
    Errors: 1
    Warnings: 0
    INPUT INFORMATION:
      Source: DISC IMAGE
      Type: BD25
      Layer 0 Logical Sector count: 9008416
      Path: Z:\01 TO_BE_BD_AACS_PROCESSED\SA_BPVZBG1001.1.A\Lovers Exile BDCMF\UD.DAT
    ERROR INFORMATION:
       Code: ES1711: Dolby Digital (AC-3) and Dolby Digital Plus audio streams
       Summary: The bsid field is not set to 1000b (8), or 110b (6). (See BD-ROM Part 3-1,
                9.9.4)
    How may I fix this problem? How do I get Encore to set the bsid field to where the specs require it?
    Are there any other workarounds to this particular problem? I am in a bit of a spot because my client wants to distribute this fine disc we have created and Cinram will not, because the Encore authoring does not appear to be conforming to the official specifications. A fair bit of money is on the line.

    Finally made it through to tech support and they created a case number and they will call me when they have a solution.  I'm not holding my breath.  In the meantime I've got to find a solution.
    The audio is encoded in the m2ts file so I’ve got to do the audio and video together.  I’m considering re-encoding via Encore but using H264 instead of mpeg but I’m not sure what audio encoding options are available as of yet if I go that route. 
    I’m first trying to establish the tools (mediainfo run in cli) to be able to evaluate what BSID is spit out.
    Another option I’m exploring is to re-render the m2ts files output by Encore (located in the stream dir) in Sony Vegas and see if they conform to BDA spec.  I’d then have to replace the files in the Stream dir and wash it through BluStreak tracer but I’m not confident it will compile the CMF properly doing it that way.
    A third option is to encode all the video via vegas, replace the footage in encore with the pre-encoded stuff (telling encore not to transcode it).  I'm not sure if I can do this in Encore though.
    Again, first step is to get the tools to “see” the problem.
    Any advice is appreciated!
    James

  • Failing PCI Compliance Scan - SSL Weak...

    Hello,
    I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
    I did some research and spent some time with Cisco Sales Chat and they recommended an ASA5500, only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it, but I found a thread on this forum saying that a client who had the SA520w did not pass the scan; it failed due to an SSL vulnerability (need v3+?). The thread is at https://supportforums.cisco.com/thread./2060512
    Question: What router/appliance should I use to be PCI compliant? There has to be something, we're talking, this is Cisco.
    Thank you in advance for your help,
    Christophe
    Threat ID: 126928
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Weak Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 126928
    Information From Target:
    Here is the list of weak SSL ciphers supported by the remote server :
    Low Strength Ciphers (< 56-bit key)
    SSLv2
    EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
    EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of weak ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
    Threat ID: 142873
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Medium Strength Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 142873
    Information From Target:
    Here are the medium strength SSL ciphers supported by the remote server :
    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
    DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
    SSLv3
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    TLSv1
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of medium strength ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Chris,
    As I understand it, right now none of the Small Business routers are PCI compliant, ever since PCI 3.0 was released. How do you overcome this? You'll need to forward any ports you are failing on to a ghost IP (any IP address that isn't being used). If you are using those ports, then you will lose that service, as the router isn't PCI 3.0 compliant.
    Jason
    I do believe the ASA5505 are PCI 3.0 Compliant.
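As an added example (not from the thread or any vendor), a small Python parser for the cipher lines in the two Nessus findings quoted above: it buckets each suite with the report's own thresholds (low below 56 bits, medium 56 to 111 bits) and flags export suites, SSLv2/SSLv3 and Enc=None. The sample report is constructed from the lines in the thread plus one strong and one NULL suite for contrast, and the parser also accepts the protocol column that `openssl ciphers -v` prints after the name.

```python
"""Classify cipher suites with the thresholds the Nessus findings above use.
Lines follow the report's layout, NAME  Kx=..  Au=..  Enc=ALG(bits)  Mac=..  [export],
under SSLv2/SSLv3/TLSv1 header lines; the protocol column that `openssl ciphers -v`
prints after the name is accepted too.  Low < 56-bit, medium 56..111-bit.
"""
import re
from dataclasses import dataclass

# Constructed sample: the suites quoted in the thread plus one strong and one
# NULL-encryption suite for contrast.
SAMPLE_REPORT = """\
SSLv2
EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export
EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export
DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5
SSLv3
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
TLSv1
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
AES256-SHA                 Kx=RSA        Au=RSA     Enc=AES(256)     Mac=SHA1
NULL-SHA                   Kx=RSA        Au=RSA     Enc=None         Mac=SHA1
"""

PROTOCOL_HEADERS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
CIPHER_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:(?P<proto>SSLv[23]|TLSv1(?:\.\d)?)\s+)?"
    r"Kx=\S+\s+Au=\S+\s+Enc=(?P<enc>[A-Za-z0-9-]+)(?:\((?P<bits>\d+)\))?"
    r"\s+Mac=\S+(?:\s+(?P<export>export))?$"
)


@dataclass
class Suite:
    protocol: str
    name: str
    enc: str      # symmetric algorithm, e.g. RC2, DES, AES, or "None"
    bits: int     # symmetric key length; 0 when Enc=None
    export: bool  # export-grade flag at the end of the line

    def strength(self) -> str:
        """Bucket by key length with the report's thresholds."""
        if self.bits < 56:
            return "low"
        return "medium" if self.bits < 112 else "strong"

    def findings(self) -> list[str]:
        """Reasons this suite would be flagged by a scan like the one above."""
        reasons = []
        if self.enc == "None":
            reasons.append("no encryption (Enc=None)")
        elif self.strength() != "strong":
            reasons.append(f"{self.strength()}-strength cipher ({self.enc} {self.bits}-bit)")
        if self.export:
            reasons.append("export-grade suite")
        if self.protocol in ("SSLv2", "SSLv3"):
            reasons.append(f"obsolete protocol {self.protocol}")
        return reasons


def parse_report(text: str) -> list[Suite]:
    """Parse cipher lines; header lines set the protocol for the lines below."""
    suites, protocol = [], "unknown"
    for line in (raw.strip() for raw in text.splitlines()):
        if line in PROTOCOL_HEADERS:
            protocol = line
            continue
        m = CIPHER_RE.match(line)
        if m is None:          # blank or explanatory text, e.g. "The fields above are :"
            continue
        suites.append(Suite(m["proto"] or protocol, m["name"], m["enc"],
                            int(m["bits"] or 0), m["export"] is not None))
    return suites


def failing_suites(text: str) -> dict[str, list[str]]:
    """Map 'PROTOCOL NAME' to findings for every suite that would fail."""
    return {f"{s.protocol} {s.name}": s.findings()
            for s in parse_report(text) if s.findings()}


if __name__ == "__main__":
    for key, reasons in failing_suites(SAMPLE_REPORT).items():
        print(f"{key:28} {'; '.join(reasons)}")
```

Feeding it the whole finding text works too, since lines such as "The fields above are :" simply fail to match and are skipped.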

  • Running Lion 10.7.5, how to disable sslv2 and use only RC4 ciphers to solve vulnerability found in PCI compliance vulnerability scan.

    This is what the scan report told me to do. Is this even a problem that can be solved in a browser? I have akamai installed on my mac and they say that may be giving a false problem concerning the sslv2. I have no idea how to change the ciphers used.

    ATT says the modem for household use that I have cannot be configured to use the more secure RC4 cipher and disable sslv2 settings. Says I need to get a modem designed for business network use. What a nightmare. All I do is go to a pay gateway website and enter in my customer's credit card numbers, which then is deposited into my bank account. Seems this is the same as any credit card purchase I would make online and that ATT should have security for those transactions covered already. The pay gateway site does use RC4, but the scan has failed me because apparently my modem does not. I am not operating an e-commerce website. (I meant to say false POSITIVE in my question above, not false problem.)

  • PCI Compliance and sessionid

    A recent scan of an ecommerce site I've developed and hosted
    on a shared server at CrystalTech has failed a PCI compliance test
    recently. It previously passed them.
    The report says that sessionids are predictable and therefore
    insecure. This threatens my relationship with the credit card
    companies. The good folks at CrystalTech have not been helpful yet.
    Is anyone familiar with this issue or have valuable thoughts?
    Interestingly, Securitymetrics calls it "Allaire Coldfusion".
    Man, are they out of date.

    It's a faulty report. Refer them to the following URL:
    http://livedocs.adobe.com/coldfusion/8/htmldocs/help.html?content=sharedVars_06.html

  • Wrvs4400n pci compliance

    I keep failing my PCI compliance test. I have a wrvs4400n and I keep getting "firewall udp packet source port 53 ruleset bypass". I've blocked port 53 but keep getting rejected. Any ideas on how to set the router? Thanks

    Hi jefftreece and welcome to the Cisco Home Community!
    The WRVS4400N is handled by the Cisco Small Business Support Community.
    For discussions about this product, please go here.
    https://supportforums.cisco.com/community/netpro/small-business
    The Search Function is your friend.... and Google too.
    How to Secure your Network
    How to Upgrade Routers Firmware
    Setting-Up a Router with DSL Internet Service
    Setting-Up a Router with Cable Internet Service
    How to Hard Reset or 30/30/30 your Router

  • CF 7 PCI compliance issue

    There is a security flaw in the wildcard ISAPI DLL in CF7 - Documented here:
    http://blogs.msdn.com/asiatech/archive/2009/03/13/why-private-ip-address-is-still-leaked-on-iis-server-even-after-applying-fix-834141.aspx
    Is there an update to this ISAPI DLL that fixes this issue?
    Thanks.

    Jochem,
    You wrote:
    >So configure a Host header in your IIS website.
    I wish it was as easy as that.
    Doing that works fine without the wildcard dll enabled. Unfortunately without it enabled, the CF process fails.
    Enable the DLL and the private IP headers are leaked.
    >2. I fail to see where the PCI specification says said behaviour is non-compliant.
    That link is nowhere near a full compilation of the reasons that a site would fail PCI compliance.
    It makes sense that one would fail under the circumstances that the private IP address is being leaked. That does present some potential issues for hackers to try and take advantage of.
    The specific PCI rejection is below. The article that they quote in their rejection does not correct the issue as it is specifically related to the DLL.  As mentioned in the link in the very first post of this thread, the issue is readily evident by turning on/off the DLL requirement. Unfortunately our sites require it.
    "Synopsis: This web server leaks a private IP address through its HTTP headers. Description: This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. There is a known issue with IIS 4.0 doing this in its default configuration. This may also affect other web servers, especially on a misconfigured redirection. See also: http://support.microsoft.com/support/kb/articles/Q218/1/80.ASP See the Bugtraq reference for a full discussion. Risk Factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) CVE: CVE-2000-0649 BID: 1499 Other references: OSVDB:630"

  • PCI Compliance Issue

    I'm trying to make our Exchange 2013 server PCI compliant.  To do this, I've turned off SSL2 and 3, PCT1, and TLS 1.0.
    When I turn off TLS 1.0, none of our Outlook clients can connect.  Is there a change I need to make somewhere so they use TLS 1.1 or above?
    N00b here, so I may have the terminology wrong.
    Thanks.

  • PCI compliance scans failed with Sophos UTM

    From one of my training guides

    We have a Sophos UTM and use some RED devices at a few remote offices. We have just completed our quarterly PCI compliance scans and we are failing now due to port 3400 accepting SSL RC4 Cipher Suites. I've opened a ticket with Sophos' support to see if they could provide documentation that this is a false positive or provide some other solution. Their response thus far has been advising us to make a feature request @ feature.astaro.org. Obviously not the response we are looking for. My question is has anyone run into something like this before? How did you address the issue? My only thought at this point is to replace the RED devices at the remote offices and utilize another type of vpn. This is not the most desirable option as it means flying someone out to the remote offices and a network restructure. If anyone has some better...
    This topic first appeared in the Spiceworks Community

  • RV082 Failing Credit Card processing security scan

    Hello,
    I have an RV082 set up as the home unit for a small business VPN network and the unit is actually in a town 30 miles from my office. I have the web interface set up so I can manage the VPN as well as open and close ports as required for remote desktop access to the facility. We have started processing credit cards with a new vendor and they do a quarterly security scan on the system. I have 2.0.0.19 firmware loaded on it. They are failing my RV082 because it supports less than 128 bit on port 443.
    Is there a way I can configure it to only accept 128 or 256 only?
    I have never worked with the CLI on this unit, just the GUI.
    Thanks in advance

    Hello toddah
    It would be very nice if I could access from different locations as I never know where I will be (ip address) when I am needed to provide assistance. I generally log into the firewall and open a RDT port to a specific machine for the duration of the support session and then back out and close the port. I was hoping there was some way configuration wise I could upgrade or limit the encryption strength so I could pass the test and keep things secure.
    I see. You were using RDP ports to access your network, and this process is no longer perceived as PCI compliant. You are correct in that a VPN connection may work for you. Being that you have an RV082, you have 3 options to establish a VPN connection to your RV082's network:
    1. IPSec Client - to - gateway, 2. Cisco Quick VPN, and 3. PPTP VPN. I am unsure as to which method will satisfy PCI compliance thoroughly.
    Will AnyConnect work with the RV082 as a VPN client?
    I have not tested this, so I cannot state whether this will work. I can say that the RV082 allows IPSec VPN connections and works with clients that are built on Windows IPSec policies. In other words, this may work for you, but I would be unable to say for certain.
    You can download the Cisco Quick VPN client from the Cisco.com Website.
    I certainly hope this helps.

  • SCSI Compliance Test (LOGO), StorageParameters.exe command is failing

    Hi,
    We have a Virtual StorPort mini driver and I'm running SCSI Compliance Test
    (LOGO) as part of HCK, but the test is failing with the following error when run against our device.
    ======================
     Exception
      TypeName StorageDevices.Device
      Message The type initializer for 'StorageDevices.Device' threw an exception.
      InnerException
       Message Exception has been thrown by the target of an invocation.
       InnerException
        Message The system cannot find the file specified
        TargetSite System.String QueryDosDevice(System.String)
        StackTrace at StorageDevices.Device.QueryDosDevice(String deviceName) at
    StorageDevices.Volume.InitializeObjectCache()
        Source StorageDevices
        HResult 0x80004005
       TargetSite System.Object _InvokeMethodFast(System.IRuntimeMethodInfo,
    System.Object, System.Object[], System.SignatureStruct ByRef,
    System.Reflection.MethodAttributes, System.RuntimeType)
       StackTrace at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo
    method, Object target, Object[] arguments, SignatureStruct& sig,
    MethodAttributes methodAttributes, RuntimeType typeOwner) at
    System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object
    target, Object[] arguments, Signature sig, MethodAttributes methodAttributes,
    RuntimeType typeOwner) at System.Reflection.RuntimeMethodInfo.Invoke(Object obj,
    BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo
    culture, Boolean skipVisibilityChecks) at
    System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr,
    Binder binder, Object[] parameters, CultureInfo culture) at
    StorageDevices.Device.RegisterDeviceClassesFromAssembly(Assembly assembly, Type
    typeToRegister) at StorageDevices.Device..cctor()
       Source mscorlib
       HResult 0x80131604
      TargetSite StorageDevices.Device GetDevice(System.String)
      StackTrace
       StackFrame
        Class StorageDevices.Device
        Method GetDevice
        Signature StorageDevices.Device GetDevice(System.String)
       StackFrame
        Class StorageParameters.StorageParameters
        Method Main
        Signature Void Main(System.String[])
      Source StorageDevices
      HResult 0x80131534
    ======================
    I also tried to run the test against the MSFT VHD but it also fails with the
    same error, here is the command the test is trying to perform
    StorageParameters.exe /device
    SCSI\DISK&VEN_MSFT&PROD_VIRTUAL_DISK\6&1D8CC2C5&0&000000 /outscript
    set_params.cmd /sort LargestNonBoot /strictness Preference
    From this error I'm not able to figure out what is missing for this test to
    fail. Can anyone please help me in understanding the issue here?
    Thanks,
    Sunil.

    Kashif Khan wrote:
    THE ISSUE HAS BEEN RESOLVED!
    With the same configuration the installation completed successfully on Oracle's Virtual Box. I had a lot of issues while installing Grid Control 11g on VMware, but, that got installed successfully as well on the Virtual Box.
    Hence proved, VMware is no good for Oracle virtualization any more.
    Hi,
    Good if you have it resolved. Now could you please mark the thread as answered to avoid confusion.
    Cheers

  • Upgrade firmware for PCI compliance scan

    I have a WRT54G ver. 5 wireless router running ver. 1.02.0 firmware. I'm anticipating a PCI compliance scan which my bank requires since I transmit credit card numbers from here for my online business. I'm wondering if I should upgrade to the latest firmware version (1.02.6) before the scan. The router is working fine and I'm a great believer in not fixing things if they aren't broken. Does the upgrade make security improvements (which I should have) or just fix problems (which I don't have)?

    If the router is upgraded with the latest firmware, it resolves many problems. So if you get some time, you may upgrade the firmware.

  • Skype Causing PCI Compliance Failure

    Hi,
    As part of my business, I have to undergo PCI Data compliance scans every 3 months. Everything has been okay, but I recently failed a scan, and received this message:
    Description: Skype for Windows < 5.8.0.154 Unspecified Vulnerability (uncredentialed check) Synopsis: The remote Skype install has an unspecified vulnerability. Impact: According to its timestamp, the version of Skype installed on the remote Windows host reportedly has an as-yet unspecified vulnerability.
    The suggested "Resolution" is to 'Upgrade to Skype for Windows 5.8.0.154 or later.'
    I am running Windows on VMWare Fusion on my Mac. Initially, I deleted Skype altogether from Windows and updated Skype on my Mac OS X, and still received the same message. So I reinstalled the latest version of Skype for Windows, and STILL received a fail on the scan.
    Is there some way to fix this? It looks like resolving this issue will fix up all the problems I've been having. Any help would be greatly appreciated.

    Hi there ... your post was a long time ago, but wondered if you managed to solve the problem of Skype clients causing PCI compliance to fail?  We are going through the same issues at the moment, all Skype clients updated, yet we are still failing every test.  If you managed to find a fix, would be great to know!  Cheers.

  • NI MAX sees GPIB controller/board, but hangs on Troubleshooting test/Scan

    Hello,
    I have a new PC (Win7, 64 bit) with a new PCI-E GPIB card and NI-VISA 14.0 (latest). I can't get the card to 'do' anything - it won't pass the troubleshooting self test, or scan for instruments, and the ibfind command in Interactive control does nothing (they all 'hang', no error reported). This is happening with two identical machines, each with the PCI-E card. My test machine from 6 months ago works fine, but that is 32 bit and has a different firmware/chipset from the vendor (which was unexpected; we ordered the same model, but the vendor seems to think it's so minor they kept the model number the same).
    Any ideas on what steps to take? I've downgraded NI-VISA a couple of times already, and Windows happily reports the driver/card are working fine. GPIB options all seem normal on default (GPIB0, system controller checked, etc).
    Thank you for any suggestions!
    - Rick

    Hi rnelsonee,
    Make sure that you also have the NI-488.2 driver up to date so you can communicate with GPIB devices properly. You can follow this link for a download.
    http://www.ni.com/download/ni-488.2-14.0/4802/en/
    If you are still running into issues, could you let me know what kind of errors you get when you fail the self-test in NI MAX? Any screenshots or error codes you can provide will be useful. Thanks.
    Paul C
    Applications Engineer
    National Instruments

  • Patching vulnerabilities for PCI compliance

    Hi
    My Apple Profile Manager server has failed a PCI compliance scan, due to the vulnerabilities listed below. The OS and the software are patched to the highest level, but it's still failing.
    What do I need to do to be able to resolve these? If I can't patch them by Thursday, I'll have to shut down the server.
    SSL/TLS use of weak RC4 cipher: CVE-2013-2566
    OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20140806): CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506
    Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day: CVE-2007-6750

    If you're running OS X 10.9.2 as your message indicates, then you are not patched to the highest level. (By a long way.)
    OS X 10.9.5 plus Security Update 2014-005 would give you all the current patches for Mavericks. If you upgraded to Yosemite and Server.app 4.0 you would get some further updates. (Server 4.0 would have to be purchased although Yosemite aka. OS X 10.10 itself is free.)
    Even with all of those I suspect some of the issues you list will not be patched. In theory you could manually compile and install patches but this is generally a very bad idea as you will then break compatibility with Apple's own software such as the server configuration tool Server.app and likely break Profile Manager completely and if you use it the Wiki module.
    If you want complete control over patching the software then OS X is not going to let you do this without, as mentioned above, severe consequences. Only Linux gives you that level of control. Arguably Windows gives you even less control than OS X, as in Windows it is all closed source (Microsoft) software.
