RDP SSL Causes PCI Compliance to fail

Found another issue cropping up after a firewall rule change that opened up RDP availability: the PCI scan now flags the RDP listener's encryption.


RDP should be configured using strong encryption methods or use SSL as the privacy and integrity provider.

To configure the RDP encryption methods, launch mmc.exe and load the 'Terminal Services Configuration' or 'Remote Desktop Session Host Configuration' snap-in.


In the 'Terminal Services Configuration' or 'Remote Desktop Session Host Configuration' properties dialog box, on the General tab, the Encryption Level 'High' should be selected.

On Windows Server 2008 R2 the steps are basically:

  • Start > Administrative Tools > Remote Desktop Services > Remote Desktop Session Host Configuration
  • Click on the Connection (RDP-Tcp)
  • Click the General tab
  • Change Security Layer FROM Negotiate to SSL (TLS 1.0)
  • Set Encryption Level to “High”
  • A restart may be required (hopefully you won't get kicked out)
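The same two settings the GUI steps change can be audited (and fixed) from the registry, which is handy when a PCI scan has to be re-run against several hosts. This is an added example, not part of the original post; it assumes you run it elevated on the host itself and that the listener is the default RDP-Tcp one.

```powershell
# Added example: audit, and with -Remediate also set, the RDP-Tcp listener's
# Security Layer and Encryption Level. Value names are the documented ones for
# the RDP-Tcp WinStation key; the hostname/listener are assumed to be defaults.
param([switch]$Remediate)

$Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# SecurityLayer:      0 = RDP Security Layer, 1 = Negotiate, 2 = SSL (TLS)
# MinEncryptionLevel: 1 = Low, 2 = Client Compatible, 3 = High, 4 = FIPS Compliant
$Desired = @{ SecurityLayer = 2; MinEncryptionLevel = 3 }

function Test-RdpListenerSetting {
    param([string]$Name, [int]$Expected)
    # Read the current DWORD; a missing value means the listener is at its default
    $actual = (Get-ItemProperty -Path $Key -Name $Name -ErrorAction Stop).$Name
    [pscustomobject]@{
        Setting   = $Name
        Actual    = $actual
        Expected  = $Expected
        Compliant = ($actual -eq $Expected)
    }
}

$results = foreach ($name in $Desired.Keys) {
    Test-RdpListenerSetting -Name $name -Expected $Desired[$name]
}
$results | Format-Table -AutoSize

$failing = $results | Where-Object { -not $_.Compliant }
if ($failing -and $Remediate) {
    foreach ($f in $failing) {
        Set-ItemProperty -Path $Key -Name $f.Setting -Value $f.Expected -Type DWord
        Write-Host "Set $($f.Setting) to $($f.Expected); applies to new sessions after the host (or TermService) restarts."
    }
}
elseif ($failing) {
    Write-Warning "RDP-Tcp listener is not at SSL (TLS) / High; rerun with -Remediate to fix."
}
```

Run it once without -Remediate first so you can see the current values before anything is changed; the Negotiate setting the post describes shows up as SecurityLayer = 1.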

Comments

  1. Thanks for this excellent blog post. It helped me learn some of the key issues about PCI compliance. I plan to read your blog a lot more.
