Educause Security Discussion mailing list archives
Re: PCI Wireless Question for other colleges/universities
From: Paul Chauvet <chauvetp () NEWPALTZ EDU>
Date: Mon, 25 Jan 2016 19:50:46 +0000
If that is correct (it only refers to rogue access points broadcasting our SSID) then that is far simpler than I thought. I thought it was for all unauthorized access points in the area. Thanks Charles & Brad for that clarification! Paul Chauvet Information Security Officer State University of New York at New Paltz chauvetp () newpaltz edu 845-257-3828 -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Rumford, Charles C Sent: Monday, January 25, 2016 2:26 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] PCI Wireless Question for other colleges/universities
On Jan 25, 2016, at 2:21 PM, Paul Chauvet <chauvetp () NEWPALTZ EDU<mailto:chauvetp () NEWPALTZ EDU>> wrote:
Hi Marty,
Sorry for the lack of clarification! It isn’t as much the “establish a process to scan for rogue wireless access points”, because we have a process to detect such via our wireless system (Aruba).
Our issue is more with 11.1.2b: “Is action taken when unauthorized wireless access points are found”. I’m not sure what actions are viable in an environment like a college (at least with our staffing requirements), especially with ad-hoc networks and cell phones acting as access points.
Is “We’ve made sure it isn’t near a dedicated payment area if the access point wasn’t transient” suitable as an action for this? I’m open to ideas.
Thanks all,
Doesn’t this requirement only apply to rouge APs broadcasting your SSID? Including all rouge APs is super challenging. I have APs with 100-200 neighboring APs, and probably 60-70% of them aren’t run by me. We actively look for people broadcasting our SSID, and deal with those. Do deal with all rouge APs isn’t worth the time and effort unless there is a problem. ---- Charles Rumford Network Engineer/Senior Wireless Engineer ISC Network Operations University of Pennsylvania OpenPGP Key ID: 0xF3D8215A (p) 215-746-2808
Current thread:
- PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Manjak, Martin (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Rumford, Charles C (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Paul Chauvet (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Manjak, Martin (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Carroll, Tim (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 25)
- Re: PCI Wireless Question for other colleges/universities Carroll, Tim (Jan 26)
- Re: PCI Wireless Question for other colleges/universities Eric Lukens (Jan 26)
- Re: PCI Wireless Question for other colleges/universities Dexter Caldwell (Jan 26)
- Re: PCI Wireless Question for other colleges/universities Kevin Reedy (Jan 27)
- Re: PCI Wireless Question for other colleges/universities Brad Judy (Jan 27)