IDS mailing list archives
RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
From: "Gary Everekyan" <Gary.Everekyan () consumerinfo com>
Date: Fri, 24 Apr 2009 13:57:50 -0700
If you cannot prove that it is impossible to connect any device to DCE without proper controls than QSA will require scans. If for any reason you do not have any adequate controls to protect the CDE network from unauthorized addition of devises you have a bigger use that just rouge WIFI. There was a post dealing with QSA. And I agree. It is ultimately the QSA that will determine if you have adequate controls protecting the CDE from any rouge device addition whether it is AP or a server. Regards, Gary Everekyan CISSP, CISM, CHS-III, ISSAP, ISSPCS, ITILp, CGEIT, MCSE, MCT Gary_Everekyan () hotmail com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Emm Maxim Sent: Friday, April 24, 2009 12:28 PM To: Gary Everekyan; Taras P. Ivashchenko; focus-ids () securityfocus com Subject: RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary you are little it wrong. The intent of requirement is to make sure that there are no rogue wireless access points attached to network. So if you can prove that it is impossible to connect wifi access point (or notebook with Wifi interface activated) to you CDE network - you could not run periodic scan for wifi... I would recommend you to read PCI wireless FAQ 2.0 https://www.paymentsecuritypros.com/labs/ Maxim Emm, CISA, CISSP , PCI QSA -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Gary Everekyan Sent: Friday, April 24, 2009 1:20 AM To: Taras P. Ivashchenko; focus-ids () securityfocus com Subject: RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? You can bypass the requirement if the WIFI Does NOT in any way transmit or connect to PAN data. If the Wireless network does not transmit PAN data and is segmented from the wired network with VPN FW ACL etc. than your WIFI is out of scope. Regards, Gary Everekyan CISSP, CISM, CHS-III, ISSAP, ISSPCS, ITILp, CGEIT, MCSE, MCT Gary_everekyan () hotmail com -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Taras P. Ivashchenko Sent: Thursday, April 23, 2009 12:51 PM To: focus-ids () securityfocus com Subject: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Hello, list! There is requirement in PCI DSS v.1.2: "...11.1 Test for the presence of wireless access points by using a wireless analyzer at least quarterly or deploying a wireless IDS/IPS to identify all wireless devices in use..." I made some research for open source wireless IDSs and results are not good. I found some articles about using together Kismet and Snort but it looks like not best soliution. Air Snort project is dead. What wireless IDS/IPS (especially opensource/free) do you use? -- Тарас Иващенко (Taras Ivashchenko), OSCP www.securityaudit.ru ---- "Software is like sex: it's better when it's free." - Linus Torvalds
Current thread:
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?, (continued)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Joel Snyder (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Joel Snyder (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Jeremy Bennett (Apr 27)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Emm Maxim (Apr 27)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Nelson Murilo (Apr 24)
- RE: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Gary Everekyan (Apr 24)
- Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? Leon Ward (Apr 24)