Verify the testing process is adequate to detect and identify unauthorized Wireless Access Points, including wireless devices attached to a network device or a network port.
(Testing Procedures § 11.1.a, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
Examine the policies and procedures to verify that processes have been implemented to detect and identify authorized Wireless Access Points and unauthorized Wireless Access Points on a quarterly basis.
(§ 11.1.a, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
Verify that a wireless analyzer is used at least quarterly, or that a wireless IDS/IPS is implemented and configured to identify all wireless devices.
(§ 2.2 (2.2.150), The Center for Internet Security Wireless Networking Benchmark, 1) Organizations that do not have a WLAN should also perform wireless screenings periodically.
The organization should periodically test the WLAN for the presence of unauthorized or rogue bridges, stations, and/or access points.
Such unauthorized or misconfigured devices should be removed from the network, or have their… (Critical components of information security 28) x., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
Banks should regularly scan for unauthorized or misconfigured wireless infrastructure devices, using techniques such as "war driving" to identify access points and clients accepting peer-to-peer connections.
(Critical components of information security 28) vi., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds) Unauthorized (i.e., rogue) access points should be deactivated. Identified devices should be reconciled against a list of authorized wireless access points.
Network vulnerability scanning tools should be configured to detect wireless access points connected to the wired network.
0 kommentar(er)
