Service Object - Address Object name - Scan compliance
I have an open port for camera on my firewall TZ400. The firewall will pass the traffic on TCP port 81 to camera.
There is no fix on camera side. Is there a way in inject HTTP header to this open port so PCI scan compliance does not fail??
Fail messages are
"CGI: HTTP Security Header Not Detected : 81 / tcp"
"CGI: Session Cookie Does Not Contain the "Secure" Attribute: 81 / tcp"
There is no issues on scan and port 81, on web server, web application, information gathering,
Address Object name: CAMERA, Zone: LAN, Type: Host
Service Object: Port 81
Please help of what I can do so PCI scan does not fail? Inject HTTP header? close port for scan?
If you are following the PCI DSS compliance, The Camera /NVR web application must be PCI compliance certified. You must have to enable HTTPS with signed certificate f you want publish the CCTV Access not HTTP access.
CGI: HTTP Security Header Not Detected : 81 / tcp : not enabled the HSTS. Most of the camera web applications are not enabled HTTP Strict Transport Security (HSTS).
I appreciate your help.
I use Blue Iris program to be able to view cameras.
I do have a sign ssl certificate from go daddy.
Can you show me steps how to fix both issues?
Hi @Mike11224466 ,
First you would have to stop the HTTP port and enable the HTTPS service and port in NVR system.
In Firewall, instead the HTTP service you have to enable the HTTPS service to the NVR/Camera.
For more info about the PCI compliance for the camera please read below article;
Can you please show all steps necessary to do what you recommended please?
I am not so proficient