Focus on IDS
PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 23 2009 07:50PM
Taras P. Ivashchenko (taras securityaudit ru) (2 replies)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 23 2009 10:04PM
Chris Waters (cwaters paglo com) (1 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 06:43PM
Leon Ward (leon rm-rf co uk)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 23 2009 09:20PM
Gary Everekyan (Gary Everekyan consumerinfo com) (4 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 07:40PM
Jason (securitux gmail com)
The purpose of that requirement is to detect rogue AP's attached to
the cardholder data network and has nothing at all to do with existing
wireless infrastructure, so no you can't bypass it. I think you might
be thinking of one of the other requirements surrounding scope.

Taras, Chris's suggestion may work. Personally as an assessor I would
be borderline with RogueScanner... There are lots of ways to mask a
rogue AP from a wired network if someone wants to. I'd have to see how
it works.

We've used AirDefense which works real well, not free unfortunately.
If you have a wireless environment that uses Cisco AP's for example
and you have complete coverage, the legit AP's will detect rogue AP's
and cover that requirement off. I even bought a Linksys AP a few weeks
ago that has rogue AP detection... it's not uncommon.

Honestly depending on the size of your environment, walking around
with a scanner might be more cost effective.

-J

On Thu, Apr 23, 2009 at 5:20 PM, Gary Everekyan
<Gary.Everekyan (at) consumerinfo (dot) com [email concealed]> wrote:
> You can bypass the requirement if the WIFI Does ?NOT in any way transmit or connect to PAN data. If the Wireless network does not transmit PAN data and is segmented from the wired network with VPN FW ACL etc. than your WIFI is out of scope.
>
>
> Regards,
> Gary Everekyan
> CISSP, CISM, CHS-III, ISSAP, ISSPCS, ITILp, CGEIT, MCSE, MCT
> Gary_everekyan (at) hotmail (dot) com [email concealed]
>
> -----Original Message-----
> From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]] On Behalf Of Taras P. Ivashchenko
> Sent: Thursday, April 23, 2009 12:51 PM
> To: focus-ids (at) securityfocus (dot) com [email concealed]
> Subject: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
>
> Hello, list!
>
> There is requirement in PCI DSS v.1.2:
>
> "...11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use..."
>
> I made some research for open source wireless IDSs and results are not good.
> I found some articles about using together Kismet and Snort but it looks like not best soliution.
> Air Snort project is dead.
> What wireless IDS/IPS (especially opensource/free) do you use?
>
>
> --
> ôÁÒÁÓ é×ÁÝÅÎËÏ (Taras Ivashchenko), OSCP www.securityaudit.ru
> ----
> "Software is like sex: it's better when it's free." - Linus Torvalds
>

[ reply ]
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 07:27PM
Emm Maxim (maxus infosec ru) (1 replies)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 08:57PM
Gary Everekyan (Gary Everekyan consumerinfo com)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 06:35PM
Thiago Musa (klawiq gmail com)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 06:04PM
Jeremy Bennett (jeremyfb mac com) (2 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 08:22PM
nelson pangeia com br (Nelson Murilo)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 06:48PM
Gary Everekyan (Gary Everekyan consumerinfo com) (1 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 24 2009 07:00PM
Jeremy Bennett (jeremyfb mac com) (2 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 25 2009 08:01AM
Joel Snyder (Joel Snyder Opus1 COM) (1 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 26 2009 07:41AM
Jeremy Bennett (jeremyfb mac com) (1 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 27 2009 09:05AM
Joel Snyder (Joel Snyder Opus1 COM) (1 replies)
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 27 2009 03:28PM
Jeremy Bennett (jeremyfb mac com)
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Apr 25 2009 05:04AM
Emm Maxim (maxus infosec ru)


 

Privacy Statement
Copyright 2010, SecurityFocus