Monday, March 5, 2018

F5 LTM SSL client-ssl for PCI compliances

In order to be PCI-DSS compliant by June 30, 2018, you need to have disabled TLS v1.0 and any older SSL protocols ( !!which you should have already done btw!! ).

To do this on an F5 LTM is quite simple: just set the client-ssl profile's disable options for no-tlsv1, no-sslv2 and no-sslv3. You can also trim down the cipher suites that you will accept.




You can use SSL Labs or HTBridge to double check that the LTM virtual server does not allow those protocols.


Alternatively, you can check the connections yourself using sslscan, openssl, or even curl.

e.g.
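As an added example (not from the original post, and not F5's or anyone else's tooling), here is a small POSIX shell script that does what the openssl check above does by hand: it uses openssl s_client to force one protocol version per attempt and reports which versions the virtual server still accepts. The host, port and profile name are assumptions.

```shell
#!/bin/sh
# Added example: verify that a client-ssl profile really refuses the legacy
# protocols. The change being verified (profile name is an assumption):
#   tmsh modify ltm profile client-ssl pci_clientssl \
#       options { dont-insert-empty-fragments no-sslv2 no-sslv3 no-tlsv1 }

# Map a protocol label to the s_client flag that pins the handshake to it.
proto_flag() {
    case "$1" in
        ssl3)   echo "-ssl3" ;;
        tls1)   echo "-tls1" ;;
        tls1_1) echo "-tls1_1" ;;
        tls1_2) echo "-tls1_2" ;;
        *)      echo "unknown protocol: $1" >&2; return 1 ;;
    esac
}

# Classify s_client output. A completed handshake reports the negotiated
# cipher ("New, TLSv1.2, Cipher is ..."); a refused one reports "(NONE)".
# Anything else (connection refused, timeout, or a client built without
# that protocol version) is reported as untested rather than as a pass.
classify() {
    if printf '%s\n' "$1" | grep -q 'Cipher is (NONE)'; then
        echo rejected
    elif printf '%s\n' "$1" | grep -q 'Cipher is '; then
        echo accepted
    else
        echo untested
    fi
}

# Run one probe and print "<proto> accepted|rejected|untested".
probe() {   # usage: probe host port proto
    flag=$(proto_flag "$3") || return 1
    out=$(openssl s_client -connect "$1:$2" -servername "$1" "$flag" </dev/null 2>&1)
    echo "$3 $(classify "$out")"
}

# Probe every version; for PCI, ssl3 and tls1 must come back "rejected".
probe_all() {   # usage: probe_all host port
    for p in ssl3 tls1 tls1_1 tls1_2; do probe "$1" "$2" "$p"; done
}

# Constructed s_client fragments so classify can be exercised offline.
SAMPLE_OK='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384'
SAMPLE_FAIL='New, (NONE), Cipher is (NONE)'

# Example run against an assumed virtual server:  probe_all vs.example.com 443
```

The `-servername` flag matters when the virtual server selects its client-ssl profile by SNI; without it you may be testing a different profile than the one you just changed.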







You can also use an online ASV (Approved Scanning Vendor) service for PCI compliance checks, to ensure no glaring holes are left in your PCI compliance.


https://www.serverscan.com/PCI-Compliance-Scanning-Solutions-for-Your-Business

or Comodo HackerGuardian

https://www.hackerguardian.com


( e.g. Comodo )








Ken Felix




NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
