IDS mailing list archives
Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
From: Jason <securitux () gmail com>
Date: Fri, 24 Apr 2009 15:40:42 -0400
The purpose of that requirement is to detect rogue AP's attached to the cardholder data network and has nothing at all to do with existing wireless infrastructure, so no you can't bypass it. I think you might be thinking of one of the other requirements surrounding scope.

Taras, Chris's suggestion may work. Personally as an assessor I would be borderline with RogueScanner... There are lots of ways to mask a rogue AP from a wired network if someone wants to. I'd have to see how it works.

We've used AirDefense which works real well, not free unfortunately. If you have a wireless environment that uses Cisco AP's for example and you have complete coverage, the legit AP's will detect rogue AP's and cover that requirement off. I even bought a Linksys AP a few weeks ago that has rogue AP detection... it's not uncommon.

Honestly depending on the size of your environment, walking around with a scanner might be more cost effective.

-J

On Thu, Apr 23, 2009 at 5:20 PM, Gary Everekyan <Gary.Everekyan () consumerinfo com> wrote:
You can bypass the requirement if the WIFI does NOT in any way transmit or connect to PAN data. If the wireless network does not transmit PAN data and is segmented from the wired network with VPN, FW, ACL, etc., then your WIFI is out of scope.

Regards,
Gary Everekyan
CISSP, CISM, CHS-III, ISSAP, ISSPCS, ITILp, CGEIT, MCSE, MCT
Gary_everekyan () hotmail com

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Taras P. Ivashchenko
Sent: Thursday, April 23, 2009 12:51 PM
To: focus-ids () securityfocus com
Subject: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

Hello, list!

There is a requirement in PCI DSS v.1.2: "...11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use..."

I made some research for open source wireless IDSs and results are not good. I found some articles about using Kismet and Snort together, but it looks like not the best solution. Air Snort project is dead.

What wireless IDS/IPS (especially opensource/free) do you use?

--
Тарас Иващенко (Taras Ivashchenko), OSCP
www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds