We are having issues with the phone system (PBXact UC 100) causing HIGH LEVEL vulnerability reports using Nessus scanning software. We have to perform these scans for several clients to assure both corporate security policies and PCI compliance are met quarterly.
It appears to be with the remote connection ports being open to the phone system through the firewall. We have had to write detailed quarterly reports explaining the need for these remote access ports to get the PCI people satisfied and explain it to corporate leadership. Is there anything anyone knows that could improve this issue? Does anyone else do security scans and have these issues? If so, how do you deal with this?