So family operates a small bar/lounge in Florida and I work for them part time as a bar back / IT technician. For the past couple months we have been trying to become pci compliant. However, we keep running into issues with passing a network vulnerability scan (which I think is being caused by our icrealtime security camera nvr.
We use clover stations for are 3 pos/terminal systems and are, according to cloversecurity, SAQ type C.
The vulnerability report is as follows:
General remote services - SSL Certificate - Signature Verification Failed Vulnerability httpsport / tcp over ssl CGI - HTTP Security Header Not Detected httpsport / tcp General remote services - SSL Certificate - Invalid Maximum Validity Date Detected - httpsport / tcp over ssl General remote services - SSL/TLS Server supports TLSv1.0 - httpsport / tcp over ssl
This is how I have the network set up: Spectrum modem – > Edgerouter X
On the ERX all 4 ethernet ports are separated (e.g. .1.x , .2.x, .3.x , .4.x).
The .1.x has our jukebox and ATM machine. The .2.x has our IoT (atm only security camera) The .3.x and .4.x contain our pos on one and employee and guest wifi (on a r500 AC point)
I have a firewall ruleset allowing only related/established access to the security camera but blocking IoT network from accessing other lans. I am also dropping connections to the http and https ports for the security camera network but the scan still fails.
I can disable https on the box but can’t disable the http and when I do that I still get an error for:
HTTP Security Header Not Detected httpport / tcp
I’m not sure what else I can do? AFAIK its only the remote gui/webserver of the security camera nvr causing the issues. additional information: I should have a working security certificate from letsencrypt on the ERX so as I don’t get a warning when accessing the gui on my local network (router gui can’t be accessed outside network and POS network and guest network are blocked from accessing that gui)