Wireless Activity Monitoring for PCI DSS Compliance

Posted by dkusleika on Super User
Published on 2010-05-12T14:07:44Z

In an effort to be PCI DSS compliant, I took a trustkeeper.net questionnaire. I failed the question that asks:

Is the presence of wireless access points tested for by using a wireless analyzer at least quarterly or by deploying a wireless IDS/IPS to identify all wireless devices in use? (SAQ #11.1)

My only wireless access point is outside my firewall, so even if you cracked my wireless you couldn't get inside my domain (unless you crack that too). My firewall doesn't have IPS and I couldn't tell if it had IDS.

I looked around for a wireless analyzer, but what I found was $500, which is a little pricey for my size business. And even if I got it, I'm not sure I would understand what it tells me. Surely there are smaller/less sophisticated businesses that take credit cards and have solved this.

My questions are: What are the risks if someone were to crack my wireless? (Could they read all internet traffic? Just wireless traffic? Just use my internet connection?) And what is the best/cheapest way to test my connection point quarterly? Should I buy the $500 analyzer?

Domain is Windows Server 2000. Firewall is Sonicwall Pro 2040. Router is 8-port D-Link.
