IDS: Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

IDS mailing list archives

Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?

From: brian_klumpp () hotmail com
Date: 29 Oct 2009 17:40:27 -0000

I realize this thread is a little old, but I did want to make a comment in regards to this.  As a QSA, *wired* side 
scanning alone would be insufficient to meet the intent of the PCI DSS 11.1 requirement.  There is this quote from PCI 
Council:

"Relying on wired side scanning tools (e.g. tools that scan suspicious hardware MAC addresses on switches) may identify 
some unauthorized wireless devices; however, they tend to have high false positive/negative detection rates. Wired 
network scanning tools that scan for wireless devices often miss cleverly hidden and disguised rogue wireless devices 
or devices that are connected to isolated network segments. Wired scanning also fails to detect many instances of rogue 
wireless clients. A rogue wireless client is any device that has a wireless interface that is not intended to be 
present in the environment."

-----------------------------------------------------------------
Securing Your Online Data Transfer with SSL.
A guide to understanding SSL certificates, how they operate and their application. By making use of an SSL certificate 
on your web server, you can securely collect sensitive information online, and increase business by giving your 
customers confidence that their transactions are safe.
http://www.dinclinx.com/Redirect.aspx?36;5001;25;1371;0;1;946;9a80e04e1a17f194

By Date By Thread

Current thread:

Re: Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort? brian_klumpp (Oct 30)