Hi - after a security scan on Windows Server Web SP2, I received this message
"The service running on this port (most often Telnet, FTP, etc…) appears to make use of a plaintext (unencrypted) communication channel. Payment industry policies (PCI 1.1.5.b, 2.2.2.b, 2.3, & 8.4.a) forbid the use of such insecure services/protocols. Unencrypted communication channels are vulnerable to the disclosure and/or modification of any data transiting through them (including usernames and passwords), and as such the confidentially and integrity of the data in transit cannot be ensured with any level of certainty.
Transition to using more secure alternatives such as SSH instead of Telnet and SFTP in favor of FTP, or consider wrapping less secure services within more secure technologies by utilizing the benefits offered by VPN, SSL/TLS, or IPSec for example. Also, limit access to management protocols/services to specific IP addresses (usually accomplished via a “whitelist”) whenever possible."
I currently connect to that server via Remote Desktop, and upload files to it from Wise-FTP.
Can anyone please let me know what I need to do to address the security note, without stopping me from accessing the server via Remote Desktop, and from transferring files to it? I'm concerned that I may do something, that will cut all of my access to it.
Thanks for any advice,
Mark