How to make SilverSHielD PCI-compliant

Some of our customers operating in specific verticals (especially in the financial sector) need their SSH/SFTP to be PCI compliant.

With SilverSHielD this is just a matter of how you configure it.

In fact, the PCI compliance test performs checks to identify whether or not certain “weak” encryption algorithms are supported. If they are, the test fails.

Therefore you need to disable such weak algorithms, and to do so you have to use the Expert Settings panel.

Please disable (uncheck) the SHA1-96, MD5, MD5-96 and NONE MAC algorithms; then disable the 3DES, NONE, DES, and 3DES (CTR) crypto algorithms. Save your configuration and run your PCI compliance test: SilverSHielD will now pass it without problems.

As of SilverSHielD v5.4 (and subsequent versions) SilverSHielD provides a handy drop-down menu to quickly configure the server for certain well-known scenarios, so you can simply use such menu, and save your configuration after the changes have been applied for you.

Comments are closed.