PCI Requirement - Port 443
Nighthawk AC2300, RS400
Friends that own a small shop were notified by the credit card clearing house that they needed to close port 443.
There are 3 users and each station has a credit card machine. The stations are plugged into a Netgear switch (which plugs into the router).
Will turning off this port 443 cause other issues? Is it possible on the Nighthawk?
Suggestions?
Thanks.
Darryl
Re: PCI Requirement - Port 443
You will want to check out this KB
DarrenM
Re: PCI Requirement - Port 443
> Nighthawk AC2300, RS400

Firmware version? Connected to what?

> [...] they needed to close port 443.

Port 443 normally refers to HTTPS, a "Secure" (encrypted) version of
HTTP (the communication protocol used by web servers/browsers).
Presumably, your friends are not (intentionally) running a web server on
their network.

I don't have an RS400, and the RS400 User Manual is less helpful than
it might be, so I know nothing, but...

Typical Netgear consumer-grade routers (model Rxxxx, say) have a
management web site ("routerlogin.net", or whatever) which uses port 80
(HTTP, not encrypted), and can be accessed only from a system on its
LAN (where everything is local, so encryption is usually not critical).

As an _option_ on many models, you can enable a Remote Management
feature (ADVANCED > Advanced Setup > Remote Management), which enables
the use of port 443 (HTTPS, "Secure", encrypted) to access it from a
system in the outside world (where encryption would have more value).

The RS400 is different in that it _normally_ uses HTTPS (port 443)
for access to its management web site, even from a system on its LAN.
(Part of its "Cybersecurity"-ness, I assume.)

If the credit-card service is seeing port 443 on the RS400 as "open",
then my first guess would be that they're seeing this management web
site.

In my quick look at the RS400 User Manual, I saw nothing about local
versus remote management, so I don't know if the RS400 has such a
feature, and, if it does, I also don't know if it can be
enabled/disabled by the user.

Lacking any actual knowledge, I'd run a quick experiment: Point a web
browser on a system in the outside world (yours, for example) at your
friends' router, using a URL like, say:

https://<small_shop_IP_address>

and see what happens. Do you get a user name and password request from
the RS400, or some other web page, or an error message, or what?

If you find that you're talking to the RS400 management web site when
you do that, then there may be things which can be done to disable that
kind of access in a way which would satisfy the credit-card service. In
any case, more information is needed to determine what the credit-card
service is actually seeing which triggered the complaint.

> You will want to check out this KB [...]

I doubt it. "Block Services" restricts how local clients can access
the Internet. It's unrelated to how outside-world systems can access
your friends' stuff.
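
The outside-in check suggested in the last reply can also be scripted. This is an added example, not part of the original thread: it requests `/` over HTTPS and reports whether a password prompt, a login form, some other page, or nothing answered. The names `fetch_https`, `classify` and `SAMPLE` are hypothetical, and the sample response is constructed.

```python
import re
import socket
import ssl
import sys

# Constructed sample response, used when no address is given on the command line.
SAMPLE = (b"HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm=\"router\"\r\n"
          b"Server: ExampleRouter\r\n\r\n<html><title>401</title></html>")

def fetch_https(host, port=443, timeout=5.0):
    """GET / over TLS; return raw response bytes, or None if nothing answers HTTPS."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # consumer routers usually present a self-signed
    ctx.verify_mode = ssl.CERT_NONE  # certificate; we only want to see who responds
    buf = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
            while len(buf) < 65536:  # cap the read; the first page is enough
                chunk = tls.recv(4096)
                if not chunk:
                    break
                buf += chunk
    except OSError:                  # refused, filtered, timed out, or not TLS
        pass
    return buf or None

def classify(raw):
    """Summarise what answered, in the terms the reply above asks about."""
    empty = {"status": None, "server": None, "title": None}
    if raw is None:
        return dict(empty, kind="no HTTPS answer")
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        return dict(empty, kind="non-HTTP answer")
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (ln.partition(":") for ln in lines[1:])}
    text = body.decode("latin-1")
    title = re.search(r"<title[^>]*>(.*?)</title>", text, re.I | re.S)
    if m.group(1) == "401" or "www-authenticate" in headers:
        kind = "user name/password request"
    elif re.search(r"""type\s*=\s*["']?password""", text, re.I):
        kind = "login form"
    else:
        kind = "other web page"
    return {"kind": kind, "status": int(m.group(1)), "server": headers.get("server"),
            "title": title.group(1).strip() if title else None}

if __name__ == "__main__":
    print(classify(fetch_https(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE))
```

Run it from a connection outside the shop's network, passing the shop's public IP address as the argument; a result of "no HTTPS answer" means nothing is reachable on port 443 from that vantage point.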