PCI DSS Compliance : Insecure Communication Has Been Detected

saurabh84g · October 31, 2012, 3:57pm

From the nessus scanner tool report i got below vulnerability
PCI DSS Compliance : Insecure Communication Has Been Detected

http://www.tenable.com/plugins/index.php?view=single&id=56208

As per the description given in above link - I am not able to understand

How to find insecure port or services.

OS - RHEL 5.0

Any one has any idea??

we have to remove the vulnerability before the audit happens

any help would be appreciated!!

Yoda · October 31, 2012, 4:52pm

AFAIU there are some services running on your host which does not support TLS or SSL. You can run nmap on your host and discover services running on your network and identify the insecure ones.

bakunin · November 7, 2012, 8:52am

Have a look at the man page of "netstat" to understand how to see ports with daemons listening.

I hope this helps.

bakunin