Tune Plesk to Meet PCI DSS on Windows
This section describes the steps that you should perform if you want to secure your server and achieve compliance with PCI DSS on a Microsoft Windows-based server.
Warning: We highly recommend that you configure the Windows firewall in the server operating system to block all remote procedure calls (RPC) and communications to the Windows Management Instrumentation (WMI) services.
Set up encryption of the remote desktop connections to prevent man-in-the-middle attacks. For instructions, refer to http://technet.microsoft.com/en-us/library/cc782610.aspx.
Some PCI scanners report a man-in-the-middle attack if you do not change the RDP port to a custom value. To do it, complete the following steps:
regeditutility by clicking Start > Run, typing regedit, and then clicking OK.
Change the port value by modifying the following registry key:
Use the firewall functions built into your Plesk.
Log in to Plesk as administrator.
Go to Tools & Settings > Firewall.
Go To the Firewall Rules tab.
Click the icon to switch the Plesk MySQL server rule. The icon will turn to .
If you allow FTP connections to your server, you must prohibit all FTP connections except secure FTPS connections.
To allow only FTPS connections to your server:
Go to Tools & Settings > Security Policy.
Select the option Allow only secure FTPS connections for FTPS usage policy.