New PCI Standards for Wireless Networks
Small business owners need to read and understand the new PCI Security Standards Council recommendations for businesses operating wireless networks. The new recommendations include a step-by-step process to ensure a business's WLAN meets PCI requirements.
Recommendations included in the PCI Security Standards Council Wireless Guidelines provide measures for wireless deployments that were not adequately covered in the PCI Data Security Standard (DSS).
The hope is that the new guidelines will help merchants understand the impact of wireless networks on their PCI compliance efforts. Merchants who believe their WiFi network is exempt from PCI rules because no cardholder data is carried through the wireless network are wrong. "Wireless is always in the scope of the PCI assessment," says Troy Leach, technical director of the PCI Council.
Major PCI requirements for wireless in the new specification include:
- Scanning for rogue access points on the WLAN
- Physical security of wireless access points
- Use of wireless intrusion prevention tools
- Use of strong authentication and encryption
- Setting and enforcing wireless usage policies
The recommendations for segmenting WLANs that do not store, process, or transmit card data include using a stateful packet-inspection firewall that blocks traffic from entering the cardholder data part of the network, and they warn merchants not to use VLANs based on MAC address filters to segregate the WLANs. The guidelines also say to monitor firewall logs each day and to verify firewall rules every six months.
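The daily firewall-log review described above, sketched as an added example (not part of the original article or the PCI guidelines): it flags traffic from the wireless segment toward the cardholder data network in Linux netfilter-style log lines. The subnets, the `FW-DROP`/`FW-ACCEPT` log prefixes and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing plan (not from the guidelines); adjust to your network.
WLAN_NET = ipaddress.ip_network("10.20.0.0/24")  # wireless segment
CDE_NET = ipaddress.ip_network("10.10.0.0/24")   # cardholder data environment
# key=value fields written by the Linux netfilter LOG target
FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")

# Constructed sample log lines; the FW-DROP / FW-ACCEPT prefixes are assumed.
SAMPLE_LOG = """\
Mar  3 02:14:07 fw kernel: FW-DROP IN=wlan0 OUT=eth1 SRC=10.20.0.57 DST=10.10.0.5 LEN=60 PROTO=TCP SPT=50122 DPT=1433
Mar  3 02:14:09 fw kernel: FW-DROP IN=wlan0 OUT=eth1 SRC=10.20.0.57 DST=10.10.0.5 LEN=60 PROTO=TCP SPT=50123 DPT=1433
Mar  3 08:30:41 fw kernel: FW-ACCEPT IN=wlan0 OUT=eth0 SRC=10.20.0.12 DST=198.51.100.34 LEN=60 PROTO=TCP SPT=41000 DPT=443
Mar  3 09:02:13 fw kernel: FW-ACCEPT IN=wlan0 OUT=eth1 SRC=10.20.0.88 DST=10.10.0.9 LEN=60 PROTO=TCP SPT=53311 DPT=443
Mar  3 09:05:00 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 LEN=40 PROTO=TCP SPT=4444 DPT=22
"""

def review(log_text):
    """Return (blocked, allowed): WLAN->CDE attempts the firewall dropped,
    and any it accepted (a segmentation failure to investigate)."""
    blocked, allowed = Counter(), []
    for line in log_text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # not a packet log line, or a malformed address
        if src not in WLAN_NET or dst not in CDE_NET:
            continue  # only WLAN -> CDE flows matter for this review
        flow = (str(src), str(dst), fields.get("PROTO", "?"), fields.get("DPT", "-"))
        if "FW-ACCEPT" in line:
            allowed.append(flow)
        else:
            blocked[flow] += 1
    return blocked, allowed

if __name__ == "__main__":
    blocked, allowed = review(SAMPLE_LOG)
    for flow, count in blocked.most_common():
        print(f"blocked x{count}: {flow}")
    for flow in allowed:
        print(f"ALLOWED into CDE, check firewall rules: {flow}")
```

Any entry in the allowed list means a rule is passing wireless traffic into the cardholder data network, which is the condition the periodic rule verification is meant to catch.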