The PCI Security Standards Council Wireless Special Interest Group published the PCI DSS Wireless Guideline on July 16, 2009 that clarifies the wireless security requirements. To comply with PCI DSS all organizations regardless of whether or not they have deployed a wireless LAN(WLAN) need to pay attention to securing their Cardholder Data Environment (CDE) from wireless threats. All locations must be scanned to eliminate wireless vulnerabilities.
Select your cardholder data environment (CDE) below to see which PCI DSS wireless requirements apply to your organization and which AirTight Cloud service is best for you.
Applicable PCI DSS Requirements |
Recommended Airtight Cloud Services |
Section 11.1
Conduct wireless scans at least quarterly at all locations
Organizations must scan ALL their sites at least quarterly to detect Rogue or unauthorized wireless devices that may be attached to the CDE. Sampling of few sites for scanning is not allowed. Scanning only the CDE wired network does not serve the purpose as it cannot detect Rogue wireless devices.
Walking around with a wireless analyzer for conducting scans is a time-consuming process, limited in scope (in terms of ability to discover Rogue APs and relevance over a longer time duration), cannot scale for large premises and is costly if multiple sites have to be scanned. Using a wireless IPS (WIPS) for scanning is a much more convenient and comprehensive alternative. A WIPS gives you:
- 24x7 monitoring of wireless devices
- Ability to maintain an up-to-date wireless device inventory (recommended by the PCI SSC Wireless SIG)
- Instant detection of Rogue wireless APs
- Automatic blocking of Rogue APs and other wireless threats or hack attacks
- Location tracking capability to physically hunt down Rogue and other threat posing wireless devices |
PCI Scan Service |
Section 11.4
Monitor wireless intrusion alerts
A WIPS should be configured to send automatic threat alerts and instantly notify concerned personnel about potential risks and attacks. |
Section 12.9
Eliminate wireless threats
A WIPS can help you automatically respond to incidents by blocking wireless threats such as Rogue APs before any damage is done. Any Rogue AP connected to a wired network inside the CDE should be physically removed. The location tracking capability of a WIPS can help locate the Rogue AP. A WIPS can also proactively protect against other common wireless threats such as man-in-the-middle attack, denial-of-service attack, and ad-hoc networks.
|
PCI Wireless Alerts Service
|
Click here to go back to your previous product page |