Service Object - Address Object name - Scan compliance

Hi

I have an open port for a camera on my TZ400 firewall. The firewall will pass the traffic on TCP port 81 to the camera.

There is no fix on the camera side. Is there a way to inject an HTTP header on this open port so the PCI scan compliance does not fail?

Fail messages are

"CGI: HTTP Security Header Not Detected : 81 / tcp"

"CGI: Session Cookie Does Not Contain the "Secure" Attribute: 81 / tcp"

There are no issues on scan and port 81, on web server, web application, information gathering.

Address Object name: CAMERA, Zone: LAN, Type: Host

Service Object: Port 81

Please help with what I can do so the PCI scan does not fail. Inject an HTTP header? Close the port for the scan?

Category: Firewall Management and Analytics

Answers

  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Mike11224466,

    If you are following PCI DSS compliance, the camera/NVR web application must be PCI compliance certified. You have to enable HTTPS with a signed certificate if you want to publish the CCTV access, not HTTP access.

    "CGI: HTTP Security Header Not Detected : 81 / tcp": HSTS is not enabled. Most camera web applications do not have HTTP Strict Transport Security (HSTS) enabled.

    "CGI: Session Cookie Does Not Contain the "Secure" Attribute: 81 / tcp": If your web application uses cookies, then the data stored in cookies can be intercepted and recovered by unauthorized users if the data is transmitted over an HTTP connection, thus causing information disclosure. To prevent this, a "Secure" flag can be set on the cookie, and the flag will tell the browser to only transmit cookies over an HTTPS connection, not over an HTTP connection.

  • Hi
    I appreciate your help.
    I use the Blue Iris program to be able to view cameras.
    I do have a signed SSL certificate from GoDaddy.
    Can you show me the steps to fix both issues?
  • Ajishlal All-Knowing Sage ✭✭✭✭

    Hi @Mike11224466 ,

    First you would have to stop the HTTP port and enable the HTTPS service and port in the NVR system.

    In the firewall, instead of the HTTP service you have to enable the HTTPS service to the NVR/camera.

    For more info about PCI compliance for the camera, please read the article below:


  • Thanks
    Can you please show all the steps necessary to do what you recommended?
    I am not so proficient.
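
A way to check a response for the two findings named in this thread before re-running the scan, as an added example that is not part of the original thread or any SonicWall or Blue Iris tooling. The sample responses, the cookie name `session` and the function names are constructed for illustration; the check on scheme reflects RFC 6797, under which browsers ignore an HSTS header received over plain HTTP.

```python
# Added example: audit a raw HTTP response for the two findings in this thread.

def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw response header block."""
    headers = []
    for line in raw.strip().splitlines()[1:]:      # [1:] skips the status line
        if not line.strip():                       # blank line ends the headers
            break
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (cookie name, set of attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    return name, {p.split("=", 1)[0].lower() for p in parts[1:] if p}

def audit(raw, scheme):
    """List findings for one response; scheme is 'http' or 'https'."""
    headers = parse_headers(raw)
    findings = []
    if not any(n == "strict-transport-security" for n, _ in headers):
        findings.append("missing Strict-Transport-Security")
    elif scheme != "https":
        # RFC 6797: browsers ignore HSTS received over plain HTTP
        findings.append("Strict-Transport-Security ignored over plain HTTP")
    for n, v in headers:                           # every Set-Cookie is checked
        if n == "set-cookie":
            cname, attrs = cookie_attrs(v)
            if "secure" not in attrs:
                findings.append(f"cookie '{cname}' lacks Secure")
    return findings

# Constructed sample responses (not captured from a real camera or Blue Iris)
HTTP_81 = """HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly
"""
HTTP_81_INJECTED = """HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31536000
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure
"""
HTTPS_RESPONSE = HTTP_81_INJECTED                  # same headers, served over TLS

if __name__ == "__main__":
    for label, raw, scheme in [("http:81", HTTP_81, "http"),
                               ("http:81 + injected headers", HTTP_81_INJECTED, "http"),
                               ("https", HTTPS_RESPONSE, "https")]:
        print(label, "->", audit(raw, scheme) or "no findings")
```

The middle case shows headers added in front of a plain-HTTP service: the header text is present, but the protection only takes effect once the service is reached over HTTPS.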