Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: PCI Wireless Question for other colleges/universities

From: "Rumford, Charles C" <charlesr () ISC UPENN EDU>
Date: Mon, 25 Jan 2016 19:26:29 +0000


On Jan 25, 2016, at 2:21 PM, Paul Chauvet <chauvetp () NEWPALTZ EDU> wrote:

Hi Marty,

Sorry for the lack of clarification!  It isn’t as much the “establish a process to scan for rogue wireless access 
points”, because we have a process to detect such via our wireless system (Aruba).

Our issue is more with 11.1.2b: “Is action taken when unauthorized wireless access points are found”.  I’m not sure 
what actions are viable in an environment like a college (at least with our staffing requirements), especially with 
ad-hoc networks and cell phones acting as access points.

Is “We’ve made sure it isn’t near a dedicated payment area if the access point wasn’t transient” suitable as an 
action for this?  I’m open to ideas.

Thanks all,



Doesn’t this requirement only apply to rouge APs broadcasting your SSID? Including all rouge APs is super challenging. 
I have APs with 100-200 neighboring APs, and probably 60-70% of them aren’t run by me.

We actively look for people broadcasting our SSID, and deal with those. Do deal with all rouge APs isn’t worth the time 
and effort unless there is a problem.

----
Charles Rumford
Network Engineer/Senior Wireless Engineer
ISC Network Operations
University of Pennsylvania
OpenPGP Key ID: 0xF3D8215A
(p) 215-746-2808

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

Previous By Date Next
Previous By Thread Next

Current thread: