PCI Requirement - Port 443

GaACETech
Tutor

Nighthawk AC2300, RS400

 

Friends that own a small shop were notified by the credit card clearing house that they needed to close port 443.

 

There are 3 users and each station has a credit card machine.  The stations are plugged into a Netgear switch (which plugs into the router).

 

Will turning off this port 443 cause other issues?  Is it possible on the Nighthawk?

Suggestions?

 

Thanks.

Darryl

 

Model: RS400|Nighthawk AC2300 Cybersecurity WiFi Router
Message 1 of 3
DarrenM
Sr. NETGEAR Moderator

Re: PCI Requirement - Port 443

Message 2 of 3
antinode
Guru

Re: PCI Requirement - Port 443

> Nighthawk AC2300, RS400

 

   Firmware version?  Connected to what?

 

> [...] they needed to close port 443.

 

   Port 443 normally refers to HTTPS, a "Secure" (encrypted) version of
HTTP (the communication protocol used by web servers/browsers).
Presumably, your friends are not (intentionally) running a web server on
their network.

 

   I don't have an RS400, and the RS400 User Manual is less helpful than
it might be, so I know nothing, but...

 

   Typical Netgear consumer-grade routers (model Rxxxx, say) have a
management web site ("routerlogin.net", or whatever) which uses port 80
(HTTP, not encrypted), and can be accessed only from a system on its
LAN (where everything is local, so encryption is usually not critical).


   As an _option_ on many models, you can enable a Remote Management
feature (ADVANCED > Advanced Setup > Remote Management), which enables
the use of port 443 (HTTPS, "Secure", encrypted) to access it from a
system in the outside world (where encryption would have more value).

 

   The RS400 is different in that it _normally_ uses HTTPS (port 443)
for access to its management web site, even from a system on its LAN.
(Part of its "Cybersecurity"-ness, I assume.)

 

   If the credit-card service is seeing port 443 on the RS400 as "open",
then my first guess would be that they're seeing this management web
site.

 

   In my quick look at the RS400 User Manual, I saw nothing about local
versus remote management, so I don't know if the RS400 has such a
feature, and, if it does, I also don't know if it can be
enabled/disabled by the user.

   Lacking any actual knowledge, I'd run a quick experiment: Point a web
browser on a system in the outside world (yours, for example) at your
friends' router, using a URL like, say:


      https://<small_shop_IP_address>

 

and see what happens.  Do you get a user name and password request from
the RS400, or some other web page, or an error message, or what?

   If you find that you're talking to the RS400 management web site when
you do that, then there may be things which can be done to disable that
kind of access in a way which would satisfy the credit-card service.  In
any case, more information is needed to determine what the credit-card
service is actually seeing which triggered the complaint.

 


> You will want to check out this KB [...]

 

   I doubt it.  "Block Services" restricts how local clients can access
the Internet.  It's unrelated to how outside-world systems can access
your friends' stuff.

Message 3 of 3
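
The outside-world experiment described in the reply above, as an added example that is not part of the original thread: it connects to port 443 on the shop's own public address from a system outside that network and reports what answers. The function names and the `ROUTER_MARKERS` strings are assumptions made for illustration, not anything the RS400 is documented to return.

```python
import socket
import ssl
import sys

# Assumption: strings a Netgear management page is likely to contain.
ROUTER_MARKERS = ("netgear", "routerlogin")

def probe(host, port=443, timeout=5.0):
    """Connect from OUTSIDE the shop's network; return (state, raw_response)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # router certificates are usually self-signed;
    ctx.verify_mode = ssl.CERT_NONE  # the goal is only to see what answers
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed", b""
    except OSError:                  # timed out or unreachable
        return "filtered", b""
    data = b""
    try:
        with ctx.wrap_socket(raw) as tls:
            tls.sendall(b"GET / HTTP/1.0\r\nHost: " + host.encode() + b"\r\n\r\n")
            while len(data) < 65536:
                chunk = tls.recv(4096)
                if not chunk:
                    break
                data += chunk
    except OSError as exc:           # ssl.SSLError is a subclass of OSError
        if isinstance(exc, ssl.SSLError) and not data:
            return "tls-failed", b""
    return "open", data              # a read timeout keeps whatever arrived

def classify(state, data):
    """Map a probe result to what is answering on the WAN side."""
    if state != "open":
        return state
    text = data.decode("latin-1").lower()
    head = text.partition("\r\n\r\n")[0]
    if not head.startswith("http/"):
        return "open-not-http"
    parts = head.split(None, 2)      # ["http/1.1", "<status>", ...]
    if any(m in text for m in ROUTER_MARKERS):
        return "router-management"
    if parts[1:2] == ["401"] or "www-authenticate:" in head or 'type="password"' in text:
        return "login-prompt"
    return "other-web-page"

if __name__ == "__main__":
    print(sys.argv[1], "->", classify(*probe(sys.argv[1])))
```

A result of `closed` or `filtered` means nothing is reachable on 443 from outside; `router-management` or `login-prompt` suggests the management site is what the credit-card service is seeing.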