PCI Compliance

We are working on ensuring our PCI compliance and one of the questions surrounds our use of remote access to our computers. With that said, there are several questions that have come up that I don't have an answer to, can someone help? I'm asking these in terms of our use of go to my pc only.

True or False; Strong cryptography for remote administrative access is implemented according to industry best practice and/or vendor recommendations for the technology in use.

True or False; Administrator access to web-based management interfaces is encrypted with strong cryptography. For web-based management, examples of encryption technologies include SSL/TLS .

True or False; Systems are configured so that Telnet and other insecure remote login commands are not allowed. For remote administrative access, use technologies such as SSH, VPN, or SSL/TLS .

True or False; All remote administrative access is encrypted with strong cryptography, and a strong encryption method is invoked before the administrator's password is requested.

Find more posts tagged with

Comments

Heather Smith1

THANK YOU Brian! This is what I needed.

Brian H2

Hi Heather,

Thanks for posting in the community!

True: Strong cryptography is utilized by GoToMyPC. GoToMyPC uses 128-bit Advanced Encryption Standard (AES encryption) which is an industry standard currently.

True: Administrator web-based management is also encrypted with strong cryptography. All Web-site connections are protected using SSL with a minimum of 128-bit symmetric encryption and a 1024-bit authenticated key agreement. If the browser does not support a strong cipher suite, the user will be redirected to a page that explains how to upgrade the browser. The GoToMyPC server is authenticated with an X.509 digital certificate. The administrator authenticates by username/password.

"System configuration to ensure that Telnet and other insecure remote login commands are not allowed" would be controlled by the network/system administrator within your own company/office environment. GoToMyPC only utilizes the connection protocols outlined in the security white paper and firewall documentation.

For additional details about the security, encryption and administration of GoToMyPC please refer to the security white paper linked above.

Quick Links

Join the conversation!

If you found this discussion useful, why not register/sign-in? It only takes a minute to share your feedback, ask a question, or vote for a new feature!