Upgrade firmware for PCI compliance scan

I have a WRT54G ver. 5 wireless router running ver. 1.02.0 firmware. I'm anticipating a PCI compliance scan which my bank requires since I transmit credit card numbers from here for my online business. I'm wondering if I should upgrade to the latest firmware version (1.02.6) before the scan. The router is working fine and I'm a great believer in not fixing things if they aren't broken. Does the upgrade make security improvements (which I should have) or just fix problems (which I don't have)?

If the router is upgraded with the latest firmware, it resolves many problems. So if you get some time, you may upgrade the firmware.

Similar Messages

  • Patching vulnerabilities for PCI compliance

    Hi
    My Apple Profile Manager server has failed a PCI compliance scan, due to the vulnerabilities listed below. The OS and the software are patched to the highest level, but it's still failing.
    What do I need to do to be able to resolve these? If I can't patch them by Thursday, I'll have to shut down the server.
    SSL/TLS use of weak RC4 cipher: CVE-2013-2566
    OpenSSL Multiple Vulnerabilities (OpenSSL Security Advisory 20140806): CVE-2014-3512, CVE-2014-3511, CVE-2014-3510, CVE-2014-3507, CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506
    Apache Partial HTTP Request Denial of Service Vulnerability - Zero Day: CVE-2007-6750

    If you're running OS X 10.9.2 as your message indicates then you are not patched to the highest level. (By a long way.)
    OS X 10.9.5 plus Security Update 2014-005 would give you all the current patches for Mavericks. If you upgraded to Yosemite and Server.app 4.0 you would get some further updates. (Server 4.0 would have to be purchased although Yosemite aka. OS X 10.10 itself is free.)
    Even with all of those I suspect some of the issues you list will not be patched. In theory you could manually compile and install patches, but this is generally a very bad idea as you will then break compatibility with Apple's own software such as the server configuration tool Server.app and likely break Profile Manager completely and, if you use it, the Wiki module.
    If you want complete control over patching the software then OS X is not going to let you do this without, as mentioned above, severe consequences. Only Linux gives you that level of control. Arguably Windows gives you even less control than OS X as in Windows it is all closed source (Microsoft) software.

  • PCI compliance scans failed with Sophos UTM

    From one of my training guides

    We have a Sophos UTM and use some RED devices at a few remote offices. We have just completed our quarterly PCI compliance scans and we are failing now due to port 3400 accepting SSL RC4 Cipher Suites. I've opened a ticket with Sophos' support to see if they could provide documentation that this is a false positive or provide some other solution. Their response thus far has been advising us to make a feature request @ feature.astaro.org. Obviously not the response we are looking for. My question is: has anyone run into something like this before? How did you address the issue? My only thought at this point is to replace the RED devices at the remote offices and utilize another type of VPN. This is not the most desirable option as it means flying someone out to the remote offices and a network restructure. If anyone has some better...
    This topic first appeared in the Spiceworks Community

  • Failing PCI Compliance Scan - SSL Weak...

    Hello,
    I currently use the WRVS4400n v2 (latest update) for my small business. I store and transmit data that contains credit card information and need to be PCI compliant. Regardless of which settings I change on the router, like turning off remote management, I keep failing the scan. ControlScan uses Nessus and the results are below (2 vulnerabilities).
    I did some research and spent some time with Cisco Sales Chat and they recommended an ASA5500, only to realize that it too had the same vulnerabilities. I did more research and it seemed that the SA520w (I need wireless) would do it, but I found a thread on this forum saying that a client who had the SA520w did not pass the scan; it failed due to an SSL vulnerability (need v3+ ?). The thread is at https://supportforums.cisco.com/thread./2060512
    Question: What router/appliance should I use to be PCI compliant? There has to be something, we're talking, this is Cisco.
    Thank you in advance for your help,
    Christophe
    Threat ID: 126928
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Weak Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 126928
    Information From Target:
    Here is the list of weak SSL ciphers supported by the remote server :
    Low Strength Ciphers (< 56-bit key)
    SSLv2
    EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export    
    EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export    
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of weak ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer either weak encryption or no encryption at all.
    Threat ID: 142873
    Details:
    IP Address: XX.XXX.X.XXX
    Host: XX.XXX.X.XXX
    Path:
    THREAT REFERENCE
    Summary:
    SSL Medium Strength Cipher Suites Supported
    Risk: High (3)
    Type: Nessus
    Port: 60443
    Protocol: TCP
    Threat ID: 142873
    Information From Target:
    Here are the medium strength SSL ciphers supported by the remote server :
    Medium Strength Ciphers (>= 56-bit and < 112-bit key)
    SSLv2
    DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5   
    SSLv3
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    TLSv1
    DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1  
    The fields above are :
    {OpenSSL ciphername}
    Kx={key exchange}
    Au={authentication}
    Enc={symmetric encryption method}
    Mac={message authentication code}
    {export flag}
    Solution:
    Reconfigure the affected application if possible to avoid use of medium strength ciphers.
    Details:
    The remote host supports the use of SSL ciphers that offer medium strength encryption, which we currently regard as those with key lengths at least 56 bits and less than 112 bits.

    Chris,
    As I understand it, right now none of the Small Business routers are PCI compliant, ever since PCI 3.0 was released. To overcome this, you'll need to forward any ports you are failing on to a ghost IP (any IP address that isn't being used). If you are using those ports, then you will lose that service, as the router isn't PCI 3.0 compliant.
    Jason
    I do believe the ASA5505 are PCI 3.0 Compliant.
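
The field layout the scan report in this thread describes ({OpenSSL ciphername}, Kx, Au, Enc, Mac, export flag) can be parsed mechanically to turn a failed scan into a list of suites to disable on the device. The following is an added example, not part of the original thread or of Nessus: the sample text is constructed from the cipher rows quoted above, the function names are hypothetical, and the strength bands are the ones the report states (< 56-bit low, 56 to < 112-bit medium).

```python
import re
from dataclasses import dataclass

# Constructed sample: the cipher rows quoted in the scan report in this thread.
REPORT = """\
Low Strength Ciphers (< 56-bit key)
SSLv2
EXP-RC2-CBC-MD5            Kx=RSA(512)   Au=RSA     Enc=RC2(40)      Mac=MD5    export
EXP-RC4-MD5                Kx=RSA(512)   Au=RSA     Enc=RC4(40)      Mac=MD5    export
Medium Strength Ciphers (>= 56-bit and < 112-bit key)
SSLv2
DES-CBC-MD5                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=MD5
SSLv3
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
TLSv1
DES-CBC-SHA                Kx=RSA        Au=RSA     Enc=DES(56)      Mac=SHA1
"""

PROTOCOL = re.compile(r"^(?:SSLv\d|TLSv\d(?:\.\d)?)$")
# {name} Kx=.. Au=.. Enc=ALG(bits) Mac=.. [export], per the report's field legend.
ROW = re.compile(
    r"^(?P<name>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+"
    r"Enc=(?P<enc>[^\s(]+)(?:\((?P<bits>\d+)\))?\s+Mac=(?P<mac>\S+)"
    r"(?:\s+(?P<export>export))?$"
)


@dataclass(frozen=True)
class Cipher:
    protocol: str
    name: str
    enc: str
    bits: int        # symmetric key length; 0 means Enc=None (no encryption)
    mac: str
    export: bool

    @property
    def strength(self) -> str:
        # Bands as stated in the report: < 56 low, 56 to < 112 medium.
        if self.bits < 56:
            return "low"
        return "medium" if self.bits < 112 else "high"


def parse_ciphers(text: str) -> list:
    """Extract cipher rows, tracking the protocol heading each row sits under."""
    protocol, found = "unknown", []
    for raw in text.splitlines():
        line = raw.strip()
        if PROTOCOL.match(line):
            protocol = line
            continue
        m = ROW.match(line)
        if m is None:
            continue  # section titles, field legend, prose
        if m["bits"] is None and m["enc"] != "None":
            raise ValueError(f"no key length in row: {line!r}")
        found.append(Cipher(protocol, m["name"], m["enc"], int(m["bits"] or 0),
                            m["mac"], m["export"] is not None))
    return found


def to_disable(ciphers) -> dict:
    """Map each low/medium suite to its band and the protocols offering it."""
    plan = {}
    for c in ciphers:
        if c.strength != "high":
            entry = plan.setdefault(c.name, {"strength": c.strength, "protocols": []})
            entry["protocols"].append(c.protocol)
    return plan


if __name__ == "__main__":
    for name, info in to_disable(parse_ciphers(REPORT)).items():
        print(f"{name:18} {info['strength']:7} {', '.join(info['protocols'])}")
```

Running the same parser over the report from each rescan shows whether a configuration change actually removed a suite or only moved it to another protocol version.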

  • ISA500 series PCI compliance scans

    We have a single customer who's having a problem with their credit card PCI vendor, First Data, scanning their ISA550W running 1.2.15.  Of all my customers with an ISA500 series device, this is the only customer who has had a PCI vendor tell them they cannot run their scans and that they must whitelist an entire /24 to allow the scans to continue.  The only open port is an encrypted remote support port and there are no other ACLs in place to block anything other than the defaults that ship with the ISA.  Anyone have any ideas why the First Data would have a problem with the ISA550W?

    Thanks for your reply. First Data http://biz.yahoo.com/ic/14/14441.html well, what can you say, they're a big bully and in this case you have to love what ended up being the problem. First Data sent this to the customer:
    This is an automated email to notify you that a PCI vulnerability scan of the IP  addresses or domains used by CUSTOMER NAME could not be completed. This scan  is included as part of your PCI Rapid Comply services.
    Please confirm  that the following IP addresses or domains are the ones you use for the  transmission of cardholder data. Unless you have paid extra to your Internet  Service Provider to get a "static" IP address, your IP address may have  changed.
    xxx.xxx.xxx.xxx
    Also, please make sure you have added the  following IP addresses to your firewall (and/or IDS/IPS) whitelist:
    38.123.140.0/24 for the duration  of your PCI scan. If another department within your organization (or a vendor)  manages your firewall and IDS/IPS, please make them aware of this scan and  request that the above IP addresses are temporarily added to the  whitelist.
    You need to have a passing PCI scan to be compliant.  Therefore, once you have confirmed that the target hosts are correct and that  your firewall and IDS/IPS whitelist allows access by 38.123.140.0/24, please schedule  another PCI scan of the networks used to process, transmit, or store cardholder  data.
    Thank you,
    First Data PCI Rapid Comply Support Team
    [email protected]
    As you stated, what these fools don't seem to get is by whitelisting their IPs any outside network scans (this isn't done by an internal software scanner but from their remote network) becomes moot.  I tried explaining to their trained monkey that the proper behavior for a firewall that detects remote scans is to block those scans.  The guy kept reading to me off his 3"x5" index card (I'm sure it wasn't a card, but you get my drift).  He clearly had never even seen a firewall let alone managed a network.
    After a couple hours of bouncing around inside First Data and shaking limbs, my customer got a call back from their account rep who stated that they were totally PCI compliant and that the e-mail was BOGUS!  The e-mail was sent out just after 10AM Sunday, 23 June 2013 and we were notified 24 hours later.  So 26 hours later this company who prides itself on being one of the biggest CC processing companies out there is too lazy to send a follow-up e-mail admitting they sent out false notifications wasting their customers' time and mine.  I asked their media rep who called me back about 3 hours after I got the call from the customer, "who gets the bill for my time?"  She had no answer.  Hopefully the lawsuits pending against PCI and CC processors will have a chilling effect on their strong arm tactics and their clueless PCI scans.

  • Trying to upgrade firmware for WRT54G V6 on Windows 7

    Since buying a Windows 7 PC, my WRT54G V6 is dropping connection a lot more than it should (1/hr). Because of this I thought to update the firmware. I have downloaded the new .bin and accessed 192.168.1.1, but when I try to move to the ADMINISTRATION page all I get is ASCII chars and no admin page; the only pages that actually work are the basic setup and DDNS setup. For info, I'm currently running Firmware Version: v1.00.9
    Asked for help online and got as far as downloading Tftp,0, but that only works to the point where it tells me ''unable to get responses from the servers''
    Can anyone help, or do I just get a new router?
    Thanks in advance, les

    Try to upgrade the router's firmware using the TFTP utility. Download the TFTP utility and save it on the desktop. Also download the firmware for WRT54G v6 and save it on the desktop.
    Follow these steps to upgrade the firmware on the device:
    Double click the TFTP.exe file and click run.
    For Server- Enter the IP Address of the router that you assigned.  By default, the router is 192.168.1.1...
    For Password- Enter the password you assigned the router. By default, the router’s password is “admin”.
    For File- Click the triple “…” button and browse for the .bin firmware file...
    Click Upgrade button to start upgrading.  A progress bar should show up to show the progress.
    Once the Upgrade is done press and hold the reset button for 30 seconds...Release the reset button...Unplug the power cable from your router, wait for 30 seconds and re-connect the power cable...Now re-configure your router...
    **Make sure your modem is connected to the router on internet port and the computer on the ethernet port of the router while you run the TFTP program.

  • Any way to upgrade firmware for Pioneer DVR-K06 DVD-RW drive?

    Finally got around to replacing the factory SuperDrive in my Mac mini the other day. The original drive NEVER worked right out of the box -- would read some CDs but not others, always barfed on burning DL DVDs, etc. My last experience with getting a mini fixed under warranty (mobo on my 1.42 G4 took a dump after a few months) involved two three-hour round trips to the nearest (and I use the term loosely) Apple Store for service. It was cheaper for me to just replace the optical drive in this one than to do that drive again.
    Anyway, enough complaining. The replacement drive has firmware v1.01 and I would like to get it up to the latest available firmware to take advantage of any compatibility, stability, etc. fixes since v1.01. Problem is that I can't find any software that supports flashing the K06 drive. Hope someone here has a solution. I don't have a Windows machine with appropriate connectors to hook the drive up to or I'd go that route ... plus I'd much rather do it on a Mac just on principle ... plus I don't want to have to disassemble the mini again.
    Any solution?

    Hello Sang,
    I have Sun Ultra 40 Workstation which comes with Matshita DVD-RAM drive.
    Mine has D100 firmware and I find other people who have the same drive on different systems have D101, D200, D201 firmware.
    So does anyone know how to contact Sun to get the latest firmware for my DVD-RAM drive?
    I did contact Matshita for this matter and they told me to contact Sun.
    I did review the Full Components List for the Ultra 40. The only DVD drives listed (Part No. 370-7970) are Panasonic UJ-485 and Teac DV-W28SLA-093. Both aren't capable of reading or writing DVD-RAM.
    In some countries Panasonic uses Matshita as brand name.
    I did a search on SunSolve with the keywords DVD firmware.
    Sun supplies only firmware updates for two DVD readers: Toshiba DVD 1401 (fixes: unable to boot from Solaris 8 DVD) and Toshiba SD-C2732 (fixes: returns incorrect data).
    I was unable to update the firmware of the SD-C2732 (Sun part) with the Sun patch. The drive was attached to an Ultra 10 (with an adapter). I ended attaching the drive to a PC and using a DOS boot floppy with the Toshiba flash program and the Sun firmware.
    Regarding your problems with the drive: Have you tried another brand of media? The Ultra 40 is under warranty (GA date was February 14, 2006).
    Use the contact information from your other thread.
    If you search the net for firmware you can locate sites that offers region-code-free firmware for several drives. Usually they provide a flash program (requires creation of a DOS boot floppy). Using these programs/firmware voids your warranty. Maybe you can not revert the firmware upgrade.
    These slimline drives have no jumpers, the installed firmware (of the drive) determines if the drive is master, slave, uses cable-select (CS) or reversed CS.
    Michael

  • Upgrade Firmware for WRT54GS V.6

    I am new to the wireless world and just purchased the WRT54GS V.6 router and it says I have downloads for this firmware. I have copied so many instructions I don't know where to start first. Can someone give me some advice as to what to do? Thanks for any information!!!

    Hi, you seem to know your way around the router, so I hope you can help me. I downloaded the new firmware for v6 and installed it. It caught my attention that the firmware started to load slowly, saying that it would restart, and at about 40% it congratulated me for the work done, but there was no restart, and after I restarted manually, no wireless!!! Any idea? From the first Easy Link I got a configuration on a pen flash drive, and every time I restart, I use it, but it is not automatic like it used to be on my older router. Besides the fact that I have to have the computer wired to get it wireless, which is absurd. Thanks if you can help
    Alfredo

  • Error Message When Upgrading Firmware for BEFW114S

    To all,
    I have a BEFW114S with firmware 1.42.7 which I wanted to upgrade to 1.52.02. However, I got the following error message when I tried to update the firmware:
    Message:  Warning!  Upgrade File Pattern Error
    Any ideas of what might be causing this?
    Thanks.
    Babylon5

    Hi, here is the problem... The firmware 1.52.02 is for the model no BEFW11S4 V4.0 and I believe you have BEFW11S4 V3.0...
    Download the firmware 1.45.10 for BEFW11S4 V3.0 and you should be able to upgrade the firmware successfully.

  • E Business columns for PCI Compliance

    Does Oracle have a documentation with configuration details to meet Payment Card Industry standards requirements? We are implementing Oracle Advanced Security against Oracle E Business and need to know what columns we should specifically address within E Business to protect our PII/PCI data.
    Any help would be greatly appreciated.
    Bill


  • Disable SSL v2 and weak ciphers on a RV325 for PCI compliance

    How do you disable SSL v2 and weak ciphers on a RV325 to become PCI compliant?

    Hello
    Per the Cisco RVS4000 product site information, this router has been end of life since January 30, 2010. The last date of support has also already passed: April 30, 2013. This means that, according to Cisco policy, no further updates to the existing firmware will be made, not even security-related fixes. I am afraid that this is a fact you have to deal with.
    Regarding the RV320: it seems that there is no possibility to restrict the SSL/TLS protocol/version on your own in the current version. Francis, I would recommend you open a service request with Cisco SMB Support if you still have a valid support contract. I hope there is a good chance to get it fixed, as this is a security-related inability.
    Lastly, for all products (including RVS4000), I would suggest keeping the management interface of the router as separated as possible, i.e. restrict access to the management interface to a single subnet/host(s) only (via the Firewall feature). Having an administration/management subnet, with certain client(s) that are part of this subnet, can help to avoid eavesdropping on your connection to the router. Of course, disabling remote management is the best thing you can do in any case (including to avoid possible firmware bugs, login attempts and so on).

  • Re: Upgrade firmware for Satellite Pro L500 PSLS4E-00C00HIT

    I just received this bulletin....
    FTP-URL frmwre-20091217163803.html
    Last modified date 05/26/10
    Company name Toshiba
    Type Firmware Update
    Subtype TS-L633C / TS-L633Y
    Size (Kb) 2
    Version TO03 - TF03
    Language Universal
    ****one World Wide
    Description TF03/TO03: It was updated for the countermeasure against the distorted audio sound issue on CD playback under Windows 7
    TF02/TO02: It was updated for the countermeasure against the issue that the recovery disc can not be created correctly with Toshiba Recovery CD creator.
    Model Satellite L500, Satellite L555, Satellite L550, Satellite Pro L550, Satellite L505, Satellite Pro L500
    Operating system Windows 7 - 32 Bit
    What does it mean? Do you suggest upgrading?
    Thanks

    Hi
    If you have no problems then you should not update the drive's firmware.
    Anyway, the message is clear enough.
    The update has been released for the TS-L633C / TS-L633Y CD/DVD drive.
    If you don't have this CD/DVD drive then you can ignore this message.

  • HT1998 Upgrading Firmware for Time Capsule

    I have just upgraded to OS 10.8.1 (Mountain Lion) and find I can no longer back up to my Time Capsule 802.11 as I need to upgrade the firmware but I can't work out how to access my pocket wi fi to enable me to get it. Can anyone help me configure this please? I apologise in advance if I have not used the correct etiquette - this is the first time I have used this sort of media interaction.

    I'm not sure what you mean by "my pocket wi fi".
    You should be able to update the firmware of the Time Capsule with AirPort Utility.  Look in the Utilities folder (Finder menu Go > Utilities).  If it's not there, you can download it here.

  • Nokia software updater won't upgrade firmware for ...

    Hi,
    I've seen that there's an updated firmware version for N95 8GB from v11.
    I just bought the phone from Three in the UK. My phone has firmware version 11.0.026. When I use the Nokia Software Updater it says that this firmware version is the latest. I've also used this website to check for an update but when I put the code it says that I have the most recent version.
    Does anyone know how can I update to the latest version?
    Phone type:
    RM-320
    Nokia 95 (93.03)
    Thanks,
    Yiannis

    The Nokia Software Updater doesn't allow you to update because it's network branded. Most networks don't bother approving new updates, leaving their customers stuck with old firmware.
    Until Three UK decide to update (which could be never) then you are stuck with what you have got. They still haven't allowed owners of the old N95 to update to v20 which was released 4 months ago.
    Message Edited by psychomania on 19-Mar-2008 09:52 AM

  • Upgrade firmware for WRT54GX2

    My router LEDs are blinking on and off and it is not working. Happened all of a sudden as I have had the unit for a couple of years with no problems. Linksys Website informs that the firmware is corrupted and must be updated. I am using a tftp file to perform the update as instructed.
    Problem: When I attempt to launch the .bix firmware file my Windows XP system does not recognize the program and it will not launch. The tftp file instructs to "browse" in the "code.bin" file from the extracted firmware file. I have no code.bin file??? I am very confused. Can anybody help me?
    Thank you.

    Yes, the GX router firmware files have a .bix extension. Check if the router is assigning your computer a valid IP address and then try to browse for the file from the tftp itself; do not double click on it. If you have issues, save the firmware file as a .bin file and try.
