Re: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..". Kismet+Snort?



This is probably a question for your PCI DSS CSA. They afterall make the real rules.

Sent from a mobile device. Apologies for any typos but they happen.

On 23 Apr 2009, at 23:04, Chris Waters <cwaters@xxxxxxxxx> wrote:

Hi,

It is also possible to meet the PCI 11.1 requirement by scanning the *wired* network looking for wireless access points. This is much easier to do and more practical that walk-around wireless audits using a laptop based tool. There is an open source project called RogueScanner (http://paglo.com/opensource/roguescanner)---which I am one of the authors of---that is specifically designed for wired side discovery of APs.

Regards,

Chris.

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Taras P. Ivashchenko
Sent: Thursday, April 23, 2009 12:51 PM
To: focus-ids@xxxxxxxxxxxxxxxxx
Subject: PCI DSS 11.1 - ".. deploying a wireless IDS/IPS..".
Kismet+Snort?

Hello, list!

There is requirement in PCI DSS v.1.2:

"...11.1 Test for the presence of wireless access points by using a
wireless analyzer at least quarterly or deploying a wireless IDS/ IPS to
identify all wireless devices in use..."

I made some research for open source wireless IDSs and results are not
good.
I found some articles about using together Kismet and Snort but it
looks like not best soliution.
Air Snort project is dead.
What wireless IDS/IPS (especially opensource/free) do you use?


--
Тарас Иващенко (Taras Ivashchenko), OSCP www.securityaudit.ru
----
"Software is like sex: it's better when it's free." - Linus Torvalds



Relevant Pages