IDS mailing list archives

Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?
From: "Ray" <rpesek () hotmail com>
Date: Sat, 31 Oct 2009 12:31:32 -0400

Although this also does not meet the PCI requirement, one thing you can do 
to rapidly detect transient wireless access points is this:

1. Make sure your network default route leads to your firewall.
2. Monitor the firewall for internal devices trying to do NTP (time sync) 
lookups.

This presumes you have an internal time server system and you have properly 
configured your internal systems to not go to the Internet for time.

It works because home wireless access points are usually set up by default 
to perform time synchronization. As soon as someone plugs one in, it will 
light up the firewall logs. Efforts like this also presume your company is 
not into checkbox compliance and is truly concerned about the security of 
their network.

Brian, where do you find guidance like this? I just can't seem to find it 
anywhere on the PCI web site.

Thanks,

Ray

<brian_klumpp () hotmail com> wrote in message 
news:20091029174027.23311.qmail () securityfocus com   
I realize this thread is a little old, but I did want to make a comment in 
regards to this.  As a QSA, *wired* side scanning alone would be 
insufficient to meet the intent of the PCI DSS 11.1 requirement.  There is 
this quote from PCI Council:

"Relying on wired side scanning tools (e.g. tools that scan suspicious 
hardware MAC addresses on switches) may identify some unauthorized wireless 
devices; however, they tend to have high false positive/negative detection 
rates. Wired network scanning tools that scan for wireless devices often 
miss cleverly hidden and disguised rogue wireless devices or devices that 
are connected to isolated network segments. Wired scanning also fails to 
detect many instances of rogue wireless clients. A rogue wireless client is 
any device that has a wireless interface that is not intended to be present 
in the environment."
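
The firewall-log check described in Ray's message, sketched as an added example that is not part of the original thread. The netfilter LOG-style sample lines are constructed, and the RFC 1918 ranges and the time server address 10.1.0.5 are assumptions standing in for a site's own values.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions (not from the original post): RFC 1918 internal ranges and
# one sanctioned time server that is allowed to sync with upstream sources.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
APPROVED_NTP_CLIENTS = {ipaddress.ip_address("10.1.0.5")}
FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def find_ntp_leaks(lines):
    """Return {internal source IP: sorted Internet NTP destinations}."""
    hits = defaultdict(set)
    for line in lines:
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "UDP" or f.get("DPT") != "123":
            continue  # not NTP
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed log entry
        if not is_internal(src) or is_internal(dst):
            continue  # clients using the internal time server are expected
        if src in APPROVED_NTP_CLIENTS:
            continue  # the time server itself may reach upstream NTP
        hits[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in hits.items()}


# Constructed sample firewall log lines (netfilter LOG style).
SAMPLE_LOG = """\
Oct 31 12:01:07 fw kernel: OUT IN=eth1 OUT=eth0 SRC=10.1.4.77 DST=198.51.100.20 LEN=76 PROTO=UDP SPT=123 DPT=123
Oct 31 12:01:39 fw kernel: OUT IN=eth1 OUT=eth0 SRC=10.1.4.77 DST=203.0.113.9 LEN=76 PROTO=UDP SPT=123 DPT=123
Oct 31 12:02:11 fw kernel: OUT IN=eth1 OUT=eth2 SRC=10.1.2.14 DST=10.1.0.5 LEN=76 PROTO=UDP SPT=123 DPT=123
Oct 31 12:03:00 fw kernel: OUT IN=eth2 OUT=eth0 SRC=10.1.0.5 DST=192.0.2.123 LEN=76 PROTO=UDP SPT=123 DPT=123
Oct 31 12:04:52 fw kernel: OUT IN=eth1 OUT=eth0 SRC=10.1.3.9 DST=198.51.100.20 LEN=60 PROTO=TCP SPT=51544 DPT=443
Oct 31 12:06:40 fw kernel: OUT IN=eth1 OUT=eth0 SRC=10.1.9.9 PROTO=UDP DPT=123
""".splitlines()

if __name__ == "__main__":
    for src, dsts in find_ntp_leaks(SAMPLE_LOG).items():
        print(f"{src} attempted Internet NTP to {', '.join(dsts)}")
```

Each reported source address is a lead to trace back to a switch port, not proof of an access point; any device left on its default time configuration will show up the same way.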