Educause Security Discussion mailing list archives
Re: PCI Wireless Question for other colleges/universities
From: "Manjak, Martin" <mmanjak () ALBANY EDU>
Date: Mon, 25 Jan 2016 18:57:54 +0000
Paul, Assuming we're talking about "Establish a process to scan for rogue wireless access points on at least a quarterly basis," we were advised by our QSA that a visual inspection on CDE segments only was sufficient to satisfy this requirement. Marty Manjak ISO University at Albany From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Paul Chauvet Sent: Monday, January 25, 2016 1:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] PCI Wireless Question for other colleges/universities Hello all, I'm wondering how other colleges/universities handled a specific PCI requirement, 11.1.2, regarding unauthorized wireless access points. We have a few areas with payments going over wireless, but even if we changed things to not use wireless for payments, it appears that this requirement is applicable. We have taken appropriate steps to secure the terminals/computers, and had a skilled penetration testing company that was completely unable to break through to the payment terminals (or even through the network segmentation). We also have scanning in place that can detect rogue access points. I believe that the systems are secure but security isn't compliance. In this day and age where anyone can turn their phone into an access point, there are always a number of them, most of them being transient. What have other colleges done when faced with these situations? We're not a huge school that can afford the staff that it would take to go hunt the transient access points down. I'd appreciate anything you can share on- or off-list about this scenario. Thanks, Paul Chauvet Information Security Officer State University of New York at New Paltz chauvetp () newpaltz edu<mailto:chauvetp () newpaltz edu> 845-257-3828 [emlogo]
Current thread:
- PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Manjak, Martin (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Rumford, Charles C (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Manjak, Martin (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Carroll, Tim (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Carroll, Tim (Jan 26)